[jdk11u-dev] RFR: 8245545: Disable TLS_RSA cipher suites [v6]
David Sladký
duke at openjdk.org
Wed Dec 3 11:42:23 UTC 2025
> Backport of [JDK-8245545](https://bugs.openjdk.org/browse/JDK-8245545) - Disable TLS_RSA cipher suites
>
> Some TLS suites do not preserve forward-secrecy and are not commonly used - and should not be used.
>
> Not clean back port. This includes:
> - Selection of disabled tests and some include that is in jdk11 but not in jdk17.
> - Changed indentation of edited block of string defining disabled cipher suites.
> - Bunch of copyright notices.
>
> Tested on Fedora 43:
> - gtests passed
> - T1 have same fails before and after the back port -> not related to this.
> - jtreg:test/jdk/sun/security passed.
> - jtreg:test/jdk/javax/net/ssl passed.
> - Github Actions passed.
David Sladký has updated the pull request incrementally with one additional commit since the last revision:
Revert undesired change in access modifier of disabled_ciphersuites
-------------
Changes:
- all: https://git.openjdk.org/jdk11u-dev/pull/3124/files
- new: https://git.openjdk.org/jdk11u-dev/pull/3124/files/f43f57ec..a8c23aea
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=3124&range=05
- incr: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=3124&range=04-05
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/3124.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/3124/head:pull/3124
PR: https://git.openjdk.org/jdk11u-dev/pull/3124
More information about the jdk-updates-dev
mailing list