In previous versions of Java, RC4 was enabled and at that time my app worked fine, but after the Java 8 U 77 update it no longer uses the following ciphers, which are needed to work with one of my legacy servers.
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
I modified java.security, and the disabled algorithms section looks like below:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
Still I can't get the above suites working. Any idea how to enable them? I also tried adding them when running the application:
java -Djavax.net.debug=all -Djavax.net.debug=ssl:handshake:verbose -Dhttps.cipherSuites="TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5" <myApp>
Still no luck. Thanks in advance.
To fix this issue, what we have to do is re-enable RC4 and MD5 (both are now treated as compromised algorithms). That has to be done by modifying the “java.security” configuration file (by removing RC4 and MD5 from jdk.tls.disabledAlgorithms, jdk.certpath.disabledAlgorithms) and re-adding the above-mentioned “Absences cipher suites” using “SSLSocket/SSLEngine.setEnabledCipherSuites()”. For more information on re-adding RC4-related ciphers, please refer to the Java 8 Update 60 (8u60) section of the Java 8 release highlights (https://java.com/en/download/faq/release_changes.xml) and the following reference (http://bugs.java.com/view_bug.do?bug_id=8076221).
The release notes of Oracle JRE 8u51 mention a new security property called
jdk.tls.legacyAlgorithms
to which RC4 has been added. I assume that you have to remove
RC4_40
from that property list in the java.security file to make it usable again.
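The procedure from the first answer above, as an added example (not code from either poster): it prints the three security properties mentioned on this page, overrides the two disabledAlgorithms values in-process instead of editing java.security, and enables the six suites from the question on one socket only. The class name LegacyRc4Check and the helper strip are hypothetical, and it assumes the override runs before anything else in the JVM has used TLS.

```java
import java.security.Security;
import java.util.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Hypothetical class name; added example, not from the original posts.
public class LegacyRc4Check {
    // The six suites listed in the question.
    static final String[] WANTED = {
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "SSL_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
        "TLS_ECDH_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5" };

    // Drop the RC4 and MD5 entries from a comma-separated disabledAlgorithms value.
    static String strip(String value) {
        List<String> kept = new ArrayList<>();
        for (String entry : value.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty() && !e.startsWith("RC4") && !e.startsWith("MD5")) kept.add(e);
        }
        return String.join(", ", kept);
    }

    public static void main(String[] args) throws Exception {
        // Override the java.security values before the first TLS use in this JVM.
        for (String p : new String[] {"jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms"}) {
            String v = Security.getProperty(p);
            System.out.println(p + " = " + v);
            if (v != null) Security.setProperty(p, strip(v));
        }
        System.out.println("jdk.tls.legacyAlgorithms = " + Security.getProperty("jdk.tls.legacyAlgorithms"));

        // Unconnected socket: enough to inspect and set the suite list.
        try (SSLSocket s = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket()) {
            Set<String> supported = new HashSet<>(Arrays.asList(s.getSupportedCipherSuites()));
            List<String> usable = new ArrayList<>();
            for (String w : WANTED) {
                if (supported.contains(w)) usable.add(w);
                else System.out.println("not offered by this JRE: " + w);
            }
            // setEnabledCipherSuites rejects unsupported names, hence the filter above.
            if (!usable.isEmpty()) s.setEnabledCipherSuites(usable.toArray(new String[0]));
            System.out.println("enabled on this socket: " + Arrays.toString(s.getEnabledCipherSuites()));
        }
    }
}
```

Any suite reported as not offered is still blocked or absent in that JRE, which points back at the property values printed first.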