-
Sub-task
-
Resolution: Delivered
-
P3
-
7u491, 8u481, 11.0.30-oracle, 17.0.18-oracle, 21.0.10-oracle, 24
The TLS_RSA cipher suites have been disabled by default, by adding "TLS_RSA_*" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLS_RSA cipher suites do not preserve forward-secrecy and are not commonly used. Some TLS_RSA cipher suites are already disabled because they use DES, 3DES, RC4, or NULL, which are disabled. This action disables all remaining TLS_RSA cipher suites. Any attempts to use cipher suites starting with "TLS_RSA_" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "TLS_RSA_*" from the `jdk.tls.disabledAlgorithms` security property. The following previously enabled cipher suites are now disabled:
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA