Bug 1302385

Summary: java-1.7.0-openjdk: Disable the RC4 cipher by default
Product: Red Hat Enterprise Linux 7 Reporter: Andrew John Hughes <ahughes>
Component: java-1.7.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED ERRATA QA Contact: Lukáš Zachar <lzachar>
Severity: unspecified Docs Contact: Robert Krátký <rkratky>
Priority: unspecified    
Version: 7.2CC: ahughes, dbhole, isenfeld, jvanek, rkratky
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: java-1.7.0-openjdk-1.7.0.95-2.6.4.2.el7 Doc Type: Release Note
Doc Text:
RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7 Earlier _OpenJDK_ packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the `jdk.tls.disabledAlgorithms` of `SSLv3, DH keySize < 768`. This can be done permanently in the `<java.home>/jre/lib/security/java.security` file or by adding the following line: jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 to a new text file and passing the location of that file to Java on the command line using the `-Djava.security.properties=<path to file>` argument.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 22:59:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1297579, 1313485    

Description Andrew John Hughes 2016-01-27 16:48:28 UTC 
Clone of bug 1217132 for RHEL 7.
Comment 4 Robert Krátký 2016-04-12 10:54:46 UTC 
Hi Andrew,

This bug has been selected for inclusion in 7.3 Release Notes. Could you please add info to the Docs Text field, so that I can use it to formulate the release note?

Perhaps it could be lumped together with bug #1302383?

Thanks.
Comment 5 Andrew John Hughes 2016-04-12 16:16:44 UTC 
Hi Robert,

Yes, that sounds like the right approach. We did the same for this pair of bugs in RHEL 6.8, and you should just be able to re-use the documentation text from bug #1217131 to cover both this and bug #1302383.
Comment 6 Robert Krátký 2016-04-12 16:44:02 UTC 
Great, thanks, Andrew. I didn't notice the 6.8 bug.
Comment 9 errata-xmlrpc 2016-11-03 22:59:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2140.html