diff --git a/src/share/classes/java/rmi/server/RMISocketFactory.java b/src/share/classes/java/rmi/server/RMISocketFactory.java
index ec9ade2f54c875ad6b9ca7178e3b433bf0ed2cb6..c9b8a4786a4c7dc0fe629e33e89996cee28fe0b2 100644
--- a/src/share/classes/java/rmi/server/RMISocketFactory.java
+++ b/src/share/classes/java/rmi/server/RMISocketFactory.java
@@ -41,7 +41,15 @@ import java.net.*;
  * (due to a firewall), the runtime uses HTTP with the explicit port
  * number of the server.  If the firewall does not allow this type of
  * communication, then HTTP to a cgi-bin script on the server is used
- * to POST the RMI call.
+ * to POST the RMI call. The HTTP tunneling mechanisms are disabled by
+ * default. This behavior is controlled by the {@code java.rmi.server.disableHttp}
+ * property, whose default value is {@code true}. Setting this property's
+ * value to {@code false} will enable the HTTP tunneling mechanisms.
+ *
+ * <p><strong>Deprecated: HTTP Tunneling.</strong> <em>The HTTP tunneling mechanisms
+ * described above, specifically HTTP with an explicit port and HTTP to a
+ * cgi-bin script, are deprecated. These HTTP tunneling mechanisms are
+ * subject to removal in a future release of the platform.</em>
  *
  * <p>The default socket factory implementation creates server sockets that
  * are bound to the wildcard address, which accepts requests from all network
diff --git a/src/share/classes/java/rmi/server/package.html b/src/share/classes/java/rmi/server/package.html
index 290ca9a4ba2fb6e73123807fb6cb89ae48fb571e..98b76699fa5c5f20acf73a492af746675459d10f 100644
--- a/src/share/classes/java/rmi/server/package.html
+++ b/src/share/classes/java/rmi/server/package.html
@@ -1,5 +1,5 @@
 <!--
- Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
  DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
  This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,10 @@ side of RMI.  A group of classes are used by the stubs and skeletons
 generated by the rmic stub compiler.  Another group of classes
 implements the RMI Transport protocol and HTTP tunneling.
 
+<p><strong>Deprecated: HTTP Tunneling.</strong> <em>The HTTP tunneling
+mechanism has been deprecated. See {@link java.rmi.server.RMISocketFactory} for
+further information.</em>
+
 <!--
 <h2>Package Specification</h2>
 
diff --git a/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java b/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java
index e77e224597ff01d245a0505165014e04ac857e04..da819be7c285bb18b21429507534a89f2feae36b 100644
--- a/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java
+++ b/src/share/classes/sun/rmi/transport/proxy/RMIMasterSocketFactory.java
@@ -34,6 +34,7 @@ import sun.rmi.runtime.Log;
 import sun.rmi.runtime.NewThreadAction;
 import sun.security.action.GetBooleanAction;
 import sun.security.action.GetLongAction;
+import sun.security.action.GetPropertyAction;
 
 /**
  * RMIMasterSocketFactory attempts to create a socket connection to the
@@ -103,22 +104,21 @@ public class RMIMasterSocketFactory extends RMISocketFactory {
         try {
             String proxyHost;
             proxyHost = java.security.AccessController.doPrivileged(
-                new sun.security.action.GetPropertyAction("http.proxyHost"));
+                new GetPropertyAction("http.proxyHost"));
 
             if (proxyHost == null)
                 proxyHost = java.security.AccessController.doPrivileged(
-                    new sun.security.action.GetPropertyAction("proxyHost"));
+                    new GetPropertyAction("proxyHost"));
 
-            Boolean tmp = java.security.AccessController.doPrivileged(
-                new sun.security.action.GetBooleanAction("java.rmi.server.disableHttp"));
+            boolean disable = java.security.AccessController.doPrivileged(
+                new GetPropertyAction("java.rmi.server.disableHttp", "true"))
+                .equalsIgnoreCase("true");
 
-            if (!tmp.booleanValue() &&
-                (proxyHost != null && proxyHost.length() > 0)) {
+            if (!disable && proxyHost != null && proxyHost.length() > 0) {
                 setFactories = true;
             }
         } catch (Exception e) {
-            // unable to obtain the properties, so assume default behavior.
-            setFactories = true;
+            // unable to obtain the properties, so use the default behavior.
         }
 
         if (setFactories) {
diff --git a/test/sun/rmi/transport/proxy/DisableHttpDefaultValue.java b/test/sun/rmi/transport/proxy/DisableHttpDefaultValue.java
new file mode 100644
index 0000000000000000000000000000000000000000..59c39fce737b1b7544aeefb88060664cc5cc614c
--- /dev/null
+++ b/test/sun/rmi/transport/proxy/DisableHttpDefaultValue.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8023862
+ * @summary Verify that the default value of the java.rmi.server.disableHttp
+ *          has been changed from false to true.
+ * @compile -XDignore.symbol.file DisableHttpDefaultValue.java
+ *
+ * @run main/othervm                                     DisableHttpDefaultValue true
+ * @run main/othervm -Djava.rmi.server.disableHttp       DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=false DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=xyzzy DisableHttpDefaultValue false
+ * @run main/othervm -Djava.rmi.server.disableHttp=true  DisableHttpDefaultValue true
+ */
+
+import sun.rmi.transport.proxy.RMIMasterSocketFactory;
+
+public class DisableHttpDefaultValue {
+    /**
+     * Subclass RMIMasterSocketFactory to get access to
+     * protected field altFactoryList. This list has a
+     * zero size if proxying is disabled.
+     */
+    static class SocketFactory extends RMIMasterSocketFactory {
+        boolean proxyDisabled() {
+            return altFactoryList.size() == 0;
+        }
+    }
+
+    /**
+     * Takes a single arg, which is the expected boolean value of
+     * java.rmi.server.disableHttp.
+     */
+    public static void main(String[] args) throws Exception {
+        // Force there to be a proxy host, so that we are able to
+        // tell whether proxying is enabled or disabled.
+        System.setProperty("http.proxyHost", "proxy.example.com");
+
+        String propval = System.getProperty("java.rmi.server.disableHttp");
+        String propdisp = (propval == null) ? "null" : ("\"" + propval + "\"");
+        boolean expected = Boolean.parseBoolean(args[0]);
+        boolean actual = new SocketFactory().proxyDisabled();
+        System.out.printf("### prop=%s exp=%s act=%s%n", propdisp, expected, actual);
+        if (expected != actual)
+            throw new AssertionError();
+    }
+}