[jdk11u-dev] RFR: 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
Antonio Vieiro
avieiro at openjdk.org
Mon Dec 22 16:11:35 UTC 2025
On Wed, 3 Dec 2025 15:10:30 GMT, Radek Cap <duke at openjdk.org> wrote:
> Backport of JDK-8301379 - Verify TLS_ECDH_* cipher suites cannot be negotiated
>
> Backporting for parity with 11.0.26-oracle.
>
> More or less a clean backport, just adding merge with the current jdk11u-dev repo state.
>
> Passed tier1 tests.
> Passed gtests.
>
> GH Actions are passing
Hi @RadekCap , @phohensee ,
I've run `run-test-jdk_security` on top of this PR on Linux and I have three failures:
==============================
Test summary
==============================
TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk:jdk_security 1361 1358 3 0 <<
==============================
Namely:
- javax/net/ssl/ciphersuites/DisabledAlgorithms.java: Check if weak cipher suites are disabled
- javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Client: Verify that Java will not negotiate disabled cipher suites when the other side of the connection requests them.
- javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Server: Verify that Java will not negotiate disabled cipher suites when the other side of the connection requests them.
Would you please verify I'm right? Thanks!
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3128#issuecomment-3682741838
More information about the jdk-updates-dev
mailing list