JDK 12 Early-Access Release Notes

Last update: 2018/08/20

This is a draft of the release notes that will accompany JDK 12. The contents are subject to change until release.

Not Yet Integrated

Disable all DES TLS cipher suites (JDK-8208350)

security-libs/javax.net.ssl

DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the Oracle JSSE implementation by adding the "DES" identifier to the jdk.tls.disabledAlgorithms security property. These cipher suites can be reactivated by removing "DES" from the jdk.tls.disabledAlgorithms security property in the java.security file or by dynamically calling the Security.setProperty() method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the SSLSocketsetEnabledCipherSuites() or SSLEngine.setEnabledCipherSuites() methods. Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the jdk.tls.disabledAlgorithms Security property.