[jdk11u-dev] RFR: 8245545: Disable TLS_RSA cipher suites [v5]
David Sladký
duke at openjdk.org
Wed Dec 3 10:43:41 UTC 2025
On Wed, 3 Dec 2025 10:36:05 GMT, David Sladký <duke at openjdk.org> wrote:
>> Backport of [JDK-8245545](https://bugs.openjdk.org/browse/JDK-8245545) - Disable TLS_RSA cipher suites
>>
>> Some TLS suites do not preserve forward-secrecy and are not commonly used - and should not be used.
>>
>> Not clean back port. This includes:
>> - Selection of disabled tests and some include that is in jdk11 but not in jdk17.
>> - Changed indentation of edited block of string defining disabled cipher suites.
>> - Bunch of copyright notices.
>>
>> Tested on Fedora 43:
>> - gtests passed
>> - T1 have same fails before and after the back port -> not related to this.
>> - jtreg:test/jdk/sun/security passed.
>> - jtreg:test/jdk/javax/net/ssl passed.
>> - Github Actions passed.
>
> David Sladký has updated the pull request incrementally with three additional commits since the last revision:
>
> - Revert undesired copyright change
> - Remove undesired indentation
> - Remove undesired refactor
1. Refactor from different issue was removed.
2. Indentation from different issue was removed.
3. Change in copyright was reverted.
This should address all the points you raised. Please let me know if I missed something.
JDK-8298867 & JDK-830137 -> I will look into them later.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3124#issuecomment-3606199842
More information about the jdk-updates-dev
mailing list