8043200,8050158 :RC4 preference re-ordering.
Seán Coffey
sean.coffey at oracle.com
Mon Jul 14 17:24:12 UTC 2014
Looking to backport this change to jdk7u-dev. Best security practice
would be to lower the preference ordering of RC4 ciphersuites. This is
work that's already in progress for JDK 8u and JDK 9.
For JDK 7u, I'd also like to introduce a compatibility flag which will
reverse this change in case legacy applications run into issues with the
preference re-ordering. It won't be available in 8u & 9. CCC approval
has been granted.
http://cr.openjdk.java.net/~coffeys/webrev.rc4.7u.v2/webrev/
regards,
Sean.
More information about the security-dev
mailing list