[jdk11u-dev] RFR: 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
Andrew John Hughes
andrew at openjdk.org
Mon Dec 22 18:32:33 UTC 2025
On Wed, 3 Dec 2025 15:10:30 GMT, Radek Cap <duke at openjdk.org> wrote:
> Backport of JDK-8301379 - Verify TLS_ECDH_* cipher suites cannot be negotiated
>
> Backporting for parity with 11.0.26-oracle.
>
> More or less a clean backport, just adding merge with the current jdk11u-dev repo state.
>
> Passed tier1 tests.
> Passed gtests.
>
> GH Actions are passing
Confirmed. I see failures on all the new tests:
~~~
Test Path: test/jdk/javax/net/ssl/ciphersuites
FAILED: javax/net/ssl/ciphersuites/DisabledAlgorithms.java
Passed: javax/net/ssl/ciphersuites/ECCurvesconstraints.java
FAILED: javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Client
FAILED: javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Server
Test results: passed: 1; failed: 3
Test Path: test/jdk/sun/security/ssl/SignatureScheme
Passed: sun/security/ssl/SignatureScheme/CustomizedClientSchemes.java
Passed: sun/security/ssl/SignatureScheme/CustomizedServerSchemes.java
FAILED: sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java
FAILED: sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS13.java
Passed: sun/security/ssl/SignatureScheme/Tls13NamedGroups.java
Test results: passed: 3; failed: 2
~~~
I would have expected these to be checked before committing this change.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3128#issuecomment-3683457951
More information about the jdk-updates-dev
mailing list