JEP 115: AES-GCM CipherSuites in JDK 8
Java SE had already defined the AES-GCM interfaces in Java SE 7. In the coming Java SE 8, as an implementation of JEP 115, AES-GCM algorithms is implemented in SunJCE provider, and AES-GCM cipher suites are implemented in SunJSSE provider.
The following SSL/TLS AEAD/GCM cipher suites, in preference order, are enabled by default in SunJSSE provider for TLS version 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289) TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289) TLS_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288) TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289) TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288) TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (RFC 5288)
The following SSL/TLS AEAD/GCM cipher suites are supported but not enabled by default in SunJSSE provider for TLS version 1.2:
TLS_DH_anon_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_DH_anon_WITH_AES_128_GCM_SHA256 (RFC 5288)
The following SSL/TLS AEAD/GCM cipher suites are defined, but not implemented or supported by SunJSSE provider:
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288) TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288) TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (RFC 5288) TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (RFC 5288)
For better compatibility and interoperability, in JDK 8, it is decided to decrease the preference priority of cipher suites in GCM mode for a while before GCM technologies mature in the industry. New developments in TLS security have occurred recently, the industry is moving towards TLS 1.1/1.2 and the use of GCM-based cipher suites. The preference priority of GCM-based cipher suites by default may be increased in JDK 9, or a JDK 8 update release in the future.
Enojoy this new feature!