Notes generated: Mon Apr 01 19:13:40 CEST 2024





Issue Description

Support for Customization of Default Enabled Cipher Suites via System Properties

The system property jdk.tls.client.cipherSuites can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property jdk.tls.server.cipherSuites can be used for customization on the server side.

The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicitly setting enabled cipher suites will override the system properties.

Refer to the Java Cryptography Architecture Standard Algorithm Name Documentation for the standard JSSE cipher suite names, and the Java Cryptography Architecture Oracle Providers Documentation for the cipher suite names supported by the SunJSSE provider.

Note that the actual use of enabled cipher suites is restricted by algorithm constraints.

Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.

Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.


Disabled All DES TLS Cipher Suites

DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the jdk.tls.disabledAlgorithms security property. These cipher suites can be reactivated by removing "DES" from the jdk.tls.disabledAlgorithms security property in the file or by dynamically calling the Security.setProperty() method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the SSLSocket.setEnabledCipherSuites() or SSLEngine.setEnabledCipherSuites() methods.

Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the jdk.tls.disabledAlgorithms security property.



Priority Bug Summary
P3 JDK-8201240 Improve releasing native resources of BufImgSurfaceData.ICMColorData
P4 JDK-8075942 ArrayIndexOutOfBoundsException at sun.java2d.pisces.Dasher.goTo(
P4 JDK-8201621 FreeNullICM test should be removed


Priority Bug Summary
P2 JDK-8195738 scroll position in ScrollPane is reset after calling validate()
P3 JDK-8188083 NullPointerExcpn-java.awt.image.FilteredImageSource.startProduction JDK-8079607
P3 JDK-8200353 Shift or Capslock not working in Textfield after accented keystrokes
P3 JDK-8170937 Swing apps are slow if displaying from a remote source to many local displays
P4 JDK-8188030 AWT java apps fail to start when some minimal fonts are present
P4 JDK-8196516 libfontmanager must be built with LDFLAGS allowing unresolved symbols
P4 JDK-8150954 Taking screenshots on x11 composite desktop produce wrong result


Priority Bug Summary
P2 JDK-8187364 Unable to enter zero width non-joiner (ZWNJ) symbol in Swing text component
P3 JDK-6260348 GTK+ L&F JTextComponent not respecting desktop caret blink rate
P3 JDK-8208638 Instead of circle rendered in appl window, but ellipse is produced JEditor Pane


Priority Bug Summary
P4 JDK-8201369 Inet4AddressImpl_getLocalHostName reverse lookup on Solaris only


Priority Bug Summary
P2 JDK-8141491 Unaligned memory access in Bits.c


Priority Bug Summary
P4 JDK-8194412 Adding 256 units of IsoFields.QUARTER_YEARS broken


Priority Bug Summary
P3 JDK-8139507 WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs


Priority Bug Summary
P2 JDK-8186171 HashMap: Entry.setValue may not work after Iterator.remove() called for previous entries


Priority Bug Summary
P2 JDK-8156824 com.sun.jndi.ldap.pool.PoolCleaner should clear its context class loader
P3 JDK-8176192 Incorrect usage of Iterator in Java 8 In com.sun.jndi.ldap.EventSupport.removeNamingListener


Priority Bug Summary
P3 JDK-8186646 Nashorn: "duplicate code" assertion when binding a vararg function that just passes arguments along


Priority Bug Summary
P2 JDK-8213011 Running application under 1.8u172 via a DRS rules with the 1.8u192 plugin fail with java.lang.NoSuchMethodError
P3 JDK-8159886 Window of a newly launched Oracle Forms applet loses focus
P4 JDK-8201651 Better error handling during JNLP2Manager initialisation


Priority Bug Summary
P2 JDK-8195609 DRS - cert based run rule not working when running offline
P3 JDK-8205343 bug in backport of JDK-8185002
P3 JDK-8212457 JWS: Application does not launch on when jnlp.delete.jnlp.file is enabled
P3 JDK-8193711 Launching JWS applet the default download progress dialog only shows if the java console is enabled
P3 JDK-8204508 Robot ScreenCapture fails on HiDPI system
P3 JDK-8168415 ShowDocument fails with URL using jnlp or jnlps protocol


Priority Bug Summary
P2 JDK-8148175 C1: G1 barriers don't preserve FP registers
P2 JDK-8162540 Crash in C2 escape analysis with assert: "node should be registered"
P3 JDK-8153194 [TEST_BUG] runs out of memory in the nightlies
P3 JDK-8158012 Use SW prefetch instructions instead of BIS for allocation prefetches on SPARC Core C4
P4 JDK-8194642 Improve OOM error reporting for JDK8
P4 JDK-8160748 Inconsistent types for ideal_reg
P5 JDK-8008321 compile.cpp verify_graph_edges uses "bool" as "int"


Priority Bug Summary
P1 JDK-8077420 Build failure with SS12u4
P2 JDK-8114823 G1 doesn't honor request to disable class unloading
P3 JDK-8173013 JVMTI tagged object access needs G1 pre-barrier
P3 JDK-8165489 Missing G1 barrier in Unsafe_GetObjectVolatile


Priority Bug Summary
P4 JDK-8081323 ConstantPool::_resolved_references is missing in heap dump


Priority Bug Summary
P1 JDK-8069124 runtime/NMT/ failing in nightlies
P2 JDK-8206406 StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list
P2 JDK-8197868 VS2017 (C2065) 'timezone': Undeclared Identifier in share/runtime/os.cpp
P2 JDK-8197864 VS2017 (C4334) Result of 32-bit Shift Implicitly Converted to 64 bits
P2 JDK-8198304 VS2017 (C4838, C4312) Various conversion issues with gtest tests
P2 JDK-8196880 VS2017 Addition of Global Delete Operator with Size Parameter Conflicts with Arena's Chunk Provided One
P2 JDK-8196884 VS2017 Multiple Type Cast Conversion Compilation Errors
P2 JDK-8185723 Zero: segfaults on Power PC 32-bit
P3 JDK-8205677 [8u] casts and type change for 8u to enable later Windows compilers
P3 JDK-8205440 [8u] DWORD64 required for later Windows compilers
P3 JDK-8206454 [8u] os::current_stack_pointer() fails to compile on later Windows compilers (warning C4172: returning address of local variable)
P4 JDK-8204872 [8u] VS2017: more instances of "error C3680: cannot concatenate user-defined string literals with mismatched literal suffix identifiers"
P4 JDK-8202600 [Zero] Undefined behaviour in src/os_cpu/linux_zero/vm/os_linux_zero.cpp
P4 JDK-8189170 Add option to disable stack overflow checking in primordial thread for use with JNI_CreateJavaJVM
P4 JDK-8048128 Fix for Solaris Studio C++ 5.13, CHECK_UNHANDLED_OOPS breaks PPC build
P4 JDK-8150688 Fix os_windows siglabel
P4 JDK-8081202 Hotspot compile warning: "Invalid suffix on literal; C++11 requires a space between literal and identifier"
P4 JDK-8035074 hs_err improvement: Add time zone information in the hs_err file
P4 JDK-8026335 hs_err improvement: Print exact compressed oops mode and the heap base value.
P4 JDK-8026331 hs_err improvement: Print if we have seen any OutOfMemoryErrors or StackOverflowErrors
P4 JDK-8144201 openjdk aarch64: jdk/test/com/sun/net/httpserver/ fails with --enable-unlimited-crypto
P4 JDK-8041623 Solaris Studio 12.4 C++ 5.13, CHECK_UNHANDLED_OOPS use of class oop's copy constructor definitions causing error level diagnostic
P4 JDK-8150426 Wrong cast in metadata_at_put
P4 JDK-8186461 Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe
P4 JDK-8201509 Zero: S390 31bit atomic_copy64 inline assembler is wrong


Priority Bug Summary
P3 JDK-6730115 Fastdebug VM crashes with "ExceptionMark destructor expects no pending exceptions" error


Priority Bug Summary
P3 JDK-8204053 not linked with -z,noexecstack


Priority Bug Summary
P2 JDK-8193758 Update copyright headers of files in src tree that are missing Classpath exception


Priority Bug Summary
P1 JDK-8035725 Must keep microsoft VS_PATH on PATH after toolchain detection
P1 JDK-8207853 Need to regenerate configure in jdk8u-dev
P2 JDK-8210423 [8u] Backport of 8034788 breaks GCC version detection
P2 JDK-8134157 adlc fails to compile with SS12u4
P2 JDK-8027584 disable ccache by default
P2 JDK-8079788 Fix broken CL version detection in configure for some Visual Studio configurations
P2 JDK-8138692 libjsig compilation is missing EXTRA_CFLAGS on macosx
P2 JDK-8203790 MSVCP dependency introduced in awt.dll
P2 JDK-8176033 New cygwin grep does not match \r as newline
P2 JDK-8042707 Source changes needed to build JDK 9 with Visual Studio 2013 (VS2013)
P2 JDK-8035825 Warn instead of fail when calling the configure wrapper directly
P3 JDK-8036003 Add --with-debug-symbols=[none|internal|external|zipped]
P3 JDK-8179675 Build with error on windows with new Cygwin grep
P3 JDK-8035751 Clean up Visual Studio detection logic
P3 JDK-8179079 Incremental HotSpot builds broken on Windows
P3 JDK-8034788 Rewrite toolchain.m4 to support multiple toolchains per platform
P4 JDK-8206425 .gnu_debuglink sections added unconditionally when no debuginfo is stripped
P4 JDK-8203349 8u hotspot should recognise later Windows compilers
P4 JDK-8201495 [Zero] Reduce limits of max heap size for boot JDK on s390
P4 JDK-8034199 Add "reconfigure" target for re-creating a configuration
P4 JDK-8196108 Add build support for VS 2015/2017
P4 JDK-8057538 Build the freetype library during configure on Windows
P4 JDK-8038340 Cleanup and fix sysroot and devkit handling on Linux and Solaris
P4 JDK-8035730 Configure fails in cygwin if current dir is in /home/user
P4 JDK-8031759 Configure should handle overrides of tools better
P4 JDK-8078437 Enable use of devkits for Windows.
P4 JDK-8205104 EXTRA_LDFLAGS not consistently being used
P4 JDK-8035495 Improvements in autoconf integration
P4 JDK-8148351 Only display resolved symlink for compiler, do not change path
P4 JDK-8207402 Stray *.debuginfo files when not stripping debug info
P4 JDK-8031668 TOOLCHAIN_FIND_COMPILER unexpectedly resolves symbolic links
P4 JDK-8022177 Windows/MSYS builds broken


Priority Bug Summary
P4 JDK-8202977 script should validate provided source jdk repository


Priority Bug Summary
P3 JDK-8189677 RadioMenuItem fires extra NULL value in property


Priority Bug Summary
P2 JDK-8203845 backport of JDK-8034788 inadvertently rolled back JDK-8187045 changes to toolchain.m4


Priority Bug Summary
P4 JDK-8165463 Native implementation of sunmscapi should use operator new (nothrow) for allocations


Priority Bug Summary
P3 JDK-8178370 [TEST_BUG] java/security/Signature/ fails
P3 JDK-8185855 Debug exception stacks should be clearer
P4 JDK-8193171 keytool -list displays "JKS" for a PKCS12 keystore.
P4 JDK-8189760 sun/security/ssl/CertPathRestrictions/ failed with unexpected Exception intermittently
P4 JDK-8134124 sun/security/tools/jarsigner/ fails when using Hindi locale


Priority Bug Summary
P2 JDK-8081792 buffer size calculation issue in NativeGCMCipher
P2 JDK-8198898 Compilation errors in jdk.crypto.mscapi with VS 2017


Priority Bug Summary
P3 JDK-8140470 javax/xml/crypto/dsig/SecurityManager/ test failed with AccessControlException
P5 JDK-8203182 Release session if initialization of SunPKCS11 Signature fails


Priority Bug Summary
P2 JDK-8129988 JSSE should create a single instance of the cacerts KeyStore
P3 JDK-8208350 Disable all DES cipher suites
P3 JDK-8162362 Introduce system property to control enabled ciphersuites
P3 JDK-8203190 SessionId.hashCode generates too many collisions
P3 JDK-8029661 Support TLS v1.2 algorithm in SunPKCS11 provider


Priority Bug Summary
P4 JDK-8061305 Javadoc crashes when method name ends with "Property"