[jdk11u-dev] RFR: 8374213: [11u] [BACKOUT] JDK-8301379 Verify TLS_ECDH_* cipher suites cannot be negotiated
Andrew John Hughes
andrew at openjdk.org
Tue Feb 3 20:44:35 UTC 2026
On Mon, 5 Jan 2026 08:16:23 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:
> Backout of [JDK-8301379](https://bugs.openjdk.org/browse/JDK-8301379) to JDK-11, that made three security tests to fail.
>
> Backporting JDK-8301379 may require a previous backport of the following test refactorings from JDK-17:
>
> - 8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
> - 8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
> - 8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates
>
> This backout makes all security tests to pass again:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk:jdk_security 1361 1361 0 0
> ==============================
> TEST SUCCESS
I can confirm this matches what I get with `git revert` and the resulting `test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java` is identical to that from before the backport. Backout is the right option both to fix the test and to [fix parts of the backport being omitted](https://github.com/openjdk/jdk11u-dev/pull/3128#issuecomment-3683813371)
Do you plan to backport the other changes or try and port the test to current 11u? I think the former is preferable long term, if feasible.
-------------
Marked as reviewed by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/3136#pullrequestreview-3747461154
More information about the jdk-updates-dev
mailing list