RC4-based TLS ciphersuites (e.g., TLS_RSA_WITH_RC4_128_SHA) are now considered compromised and should no longer be used (see RFC 7465). The dns_lookup_realm setting in Kerberos' nf file is by default false. Synopsis: dns_lookup_realm should be false by default Changes in Deployment Rule Set v1.2 - JDK 8u60 implements Deployment Rule Set (DRS) 1.2.