Answer: January 20, 2026
| JDK Version | Release Date | TLS_RSA_* Status |
|---|---|---|
| JDK 11.0.29 and earlier | Before Jan 20, 2026 | ✅ Available |
| JDK 11.0.30+ | January 20, 2026 | ❌ DISABLED |
| JDK 17.0.17 and earlier | Before Jan 20, 2026 | ✅ Available |
| JDK 17.0.18+ | January 20, 2026 | ❌ DISABLED |
| JDK 21.0.9 and earlier | Before Jan 20, 2026 | ✅ Available |
| JDK 21.0.10+ | January 20, 2026 | ❌ DISABLED |
| JDK 24+ | Released earlier | ❌ DISABLED |
RFC 7525 (May 2015) -> Obsoleted by RFC 9325 (November 2022)
RFC 7525 recommended cipher suites:
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
RFC 9325 recommended cipher suites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Flink uses Java 11 as its minimum version, and all cipher suites recommended by RFC 9325 are supported there.
Please see reference.
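One way to confirm this on a particular JVM is to audit its default TLS parameters. This is an added example, not Flink or JDK project code; the class name `CipherSuiteAudit` is hypothetical and only standard JSSE APIs are used.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

// Added example: audits the running JVM's default-enabled TLS cipher suites.
// The class name is hypothetical.
public class CipherSuiteAudit {

    // The four suites this page lists as recommended by RFC 9325.
    static final List<String> RFC_9325 = List.of(
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");

    // Recommended suites that this JVM does not enable by default.
    static List<String> missing(Set<String> enabled) {
        return RFC_9325.stream()
            .filter(s -> !enabled.contains(s))
            .collect(Collectors.toList());
    }

    // Static RSA key exchange suites (TLS_RSA_*) that are still enabled.
    static List<String> staticRsa(Set<String> enabled) {
        return enabled.stream()
            .filter(s -> s.startsWith("TLS_RSA_"))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        Set<String> enabled = new TreeSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));
        List<String> missing = missing(enabled);
        System.out.println("RFC 9325 suites not enabled by default: " + missing);
        System.out.println("TLS_RSA_* suites still enabled: " + staticRsa(enabled));
        // Non-zero exit lets a CI or pre-upgrade job fail on a missing suite.
        if (!missing.isEmpty()) System.exit(1);
    }
}
```

Running it on the JDK builds before and after an upgrade shows whether a deployment still depends on a `TLS_RSA_*` suite.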
TLS_RSA_WITH_AES_128_CBC_SHA is a legacy cipher suite with multiple serious security vulnerabilities. While it was standard practice for nearly 20 years, it should no longer be used in production systems.
| Year | Event |
|---|---|
| 2002 | Created - Defined in RFC 3268 (June 2002) |
| 2002-2010 | Widely deployed as standard TLS cipher suite |
| 2008 | TLS 1.2 released with better alternatives |
| 2011 | BEAST attack discovered - CBC vulnerability exposed |
| 2013 | Lucky13 attack discovered - Timing attack on CBC |
| 2014 | POODLE attack - Further CBC exploitation |
| 2015 | RFC 7525 recommends avoiding CBC mode |
| 2018 | Industry begins widespread deprecation |
| 2022 | RFC 9325 explicitly recommends against RSA key exchange |
| 2026 | JDK disables all TLS_RSA_* cipher suites (Jan 20, 2026) |
Age: 22+ years old (2002-2024)
- Link: RFC 9325 Section 4.1
- Impact: If the server's private key is ever compromised, an attacker can decrypt all past recorded TLS sessions retroactively.
- Link: CVE-2011-3389
- Impact: Allows attackers to decrypt HTTP cookies and hijack user sessions by exploiting predictable initialization vectors in TLS 1.0 CBC mode.
- Link: CVE-2013-0169
- Impact: Enables attackers to decrypt arbitrary ciphertext through timing side-channel attacks on the MAC-then-encrypt design of CBC mode.
- Link: CVE-2014-3566
- Impact: Allows attackers to decrypt encrypted messages through padding oracle exploitation with no known complete mitigation for CBC mode.
- JDK-8245545: Disable TLS_RSA cipher suites - Oracle disabled all TLS_RSA_* cipher suites in Jan 2026
- RFC 7457: Summarization of Known Attacks on TLS
| Java Version | Year | ECDSA Support |
|---|---|---|
| Java 7 | 2011 | ✅ ECDSA added (SunEC provider) |
| Java 8 | 2014 | ✅ Mature ECDSA support |
| Java 11 | 2018 | ✅ Full ECDSA support (Flink's minimum) |
Flink does not support it yet, but now it's time to integrate it.
From my tests:
- 4.2 KB (RSA 4096-bit keystore) vs 1.0 KB (ECDSA P-256 keystore) = 75% smaller
- Equivalent security: 256-bit ECDSA ≈ 3072-bit RSA
- Faster TLS handshakes (faster signing)
- Modern standard (Google, Let's Encrypt use ECDSA)