Hi, Please review the fix for JDK-8162362:
http://cr.openjdk.java.net/~xuelei/8162362/webrev.00/ If a cipher suite is getting weak or vulnerable, it is normally removed from the default enabled list in JDK. The compatibility impact of the removing is normally minimal as if there are other available cipher suites enabled. However, some applications may want to support the disabled cipher suites in JDK. If the source code is not accessible, there is not much workaround to have the cipher suite back to work if it is removed from the default enabled list in JDK. This fix introduces two new system properties, which can be used to customize the default enabled cipher suites. The system property "jdk.tls.client.cipherSuites" is used to customize the default enabled cipher suites for client side of SSL/TLS/DTLS connections. Similarly, the system property "jdk.tls.server.cipherSuites" is used for server side. The system property contains a comma-separated list of supported cipher suite names specifying the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite name specified in the property is ignored. Explicit setting of enabled cipher suites will override the system property. Thanks, Xuelei
