These suites are known to be rarely used in practice. By default, there are other cipher suites that are stronger and have higher priority, so a client or server using the default JDK configuration should not be affected unless it is specifically trying to negotiate one of these suites.
System or security property
Disable TLS_ECDH_* cipher suites by default.
The TLS_ECDH_* cipher suites do not preserve forward secrecy and are rarely used in practice. Other TLS implementations (e.g., Chrome, Firefox) do not enable these suites. The successor of RFC 7525 (which has been submitted to IESG for Publication as an RFC) recommends that these suites not be used.
Note that some TLS_ECDH_* cipher suites are currently disabled because they use algorithms that are disabled, such as 3DES and RC4. This action will disable the rest.
TLS_ECDH_* cipher suites are supported in TLS 1.0, 1.1, 1.2, and DTLS 1.0, 1.2. They are not supported in TLS 1.3. TLS 1.0, 1.1 and DTLS 1.0 are already disabled by default.
https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-11.html#name-general-guidelines (see 6th bullet starting with "Implementations SHOULD NOT negotiate cipher suites based on non-ephemeral (static) finite-field Diffie-Hellman key agreement.")
Disable TLS_ECDH_* cipher suites by adding "ECDH" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. This will cause attempts to use TLS_ECDH_* cipher suites to fail with a SSLHandshakeException with the error message "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)". Users can, at their own risk, re-enable the suites by removing "ECDH" from the jdk.tls.disabledAlgorithms security property.
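One way to confirm the setting on a given runtime, as an added example that is not part of the original proposal or the JDK sources. The class name StaticEcdhAudit and its helper methods are hypothetical; it uses only the standard java.security and javax.net.ssl APIs.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

public class StaticEcdhAudit {

    // Static suites are named TLS_ECDH_<auth>_WITH_...; the underscore after
    // "ECDH" keeps the ephemeral TLS_ECDHE_* suites out of the match.
    static boolean isStaticEcdh(String suite) {
        return suite.startsWith("TLS_ECDH_");
    }

    // True when the jdk.tls.disabledAlgorithms value has a bare "ECDH"
    // entry (entries are comma-separated).
    static boolean ecdhDisabled(String property) {
        if (property == null) {
            return false;
        }
        return Arrays.stream(property.split(","))
                .map(String::trim)
                .anyMatch("ECDH"::equals);
    }

    public static void main(String[] args) throws Exception {
        // Security.getProperty returns the value in effect for this JVM,
        // including any override file, not just the shipped default.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("ECDH entry present: " + ecdhDisabled(disabled));

        // Suites a default SSLContext offers or accepts when the
        // application does not name any suite explicitly.
        String[] enabled = SSLContext.getDefault()
                .getDefaultSSLParameters().getCipherSuites();
        List<String> staticEcdh = Arrays.stream(enabled)
                .filter(StaticEcdhAudit::isStaticEcdh)
                .collect(Collectors.toList());
        long ephemeral = Arrays.stream(enabled)
                .filter(s -> s.startsWith("TLS_ECDHE_")).count();

        System.out.println("Default-enabled TLS_ECDH_* suites: " + staticEcdh);
        System.out.println("Default-enabled TLS_ECDHE_* suite count: " + ephemeral);

        // Non-zero exit lets a build or deployment check fail on drift.
        System.exit(staticEcdh.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same JVM options and security property overrides as the deployed service, since those determine the value the check reads.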
Change to the
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \ # rsa_pkcs1_sha1, secp224r1 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \ - MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL + MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + ECDH
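Review bot: the bare "ECDH" entry on the added continuation line carries no explanatory comment, and because the name is a prefix of "ECDHE" a reader of java.security could take it to cover the ephemeral suites as well. Suggest adding a line to the comment block above the property stating that the entry targets only the static TLS_ECDH_* suites, and a regression test asserting that TLS_ECDHE_* suites remain enabled by default while TLS_ECDH_* suites are rejected.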