-
Enhancement
-
Resolution: Fixed
-
P3
-
7
-
b02
All RC4-based TLS cipher suites should be disabled on JDK 7. Only RC4_40 suites are disabled. The other RC4 suites are currently available but not enabled by default. To use them they must be explicitly enabled by an application, for example, by calling `SSLSocket.setEnabledCipherSuites`. Due to the age and insecurity of RC4, these cipher suites should no longer be available without additional intervention by the user or administrator through the `jdk.tls.disabledAlgorithms` security property.
All RC4 suites are disabled on JDK 8 and up.
All RC4 suites are disabled on JDK 8 and up.
- relates to
-
JDK-8141050 System property to enable RC4 based ciphersuites
- Closed
-
JDK-8076221 Disable RC4 cipher suites
- Closed
There are no Sub-Tasks for this issue.