[jdk11u-dev] RFR: 8245545: Disable TLS_RSA cipher suites [v6]
Andrew John Hughes
andrew at openjdk.org
Wed Dec 3 11:49:22 UTC 2025
On Wed, 3 Dec 2025 11:42:23 GMT, David Sladký <duke at openjdk.org> wrote:
>> Backport of [JDK-8245545](https://bugs.openjdk.org/browse/JDK-8245545) - Disable TLS_RSA cipher suites
>>
>> Some TLS suites do not preserve forward-secrecy and are not commonly used - and should not be used.
>>
>> Not clean back port. This includes:
>> - Selection of disabled tests and some include that is in jdk11 but not in jdk17.
>> - Changed indentation of edited block of string defining disabled cipher suites.
>> - Bunch of copyright notices.
>>
>> Tested on Fedora 43:
>> - gtests passed
>> - T1 have same fails before and after the back port -> not related to this.
>> - jtreg:test/jdk/sun/security passed.
>> - jtreg:test/jdk/javax/net/ssl passed.
>> - Github Actions passed.
>
> David Sladký has updated the pull request incrementally with one additional commit since the last revision:
>
> Revert undesired change in access modifier of disabled_ciphersuites
Great, thanks.
-------------
Marked as reviewed by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/3124#pullrequestreview-3534673822
More information about the jdk-updates-dev
mailing list