[jdk8u-dev] RFR: 8279164: Disable TLS_ECDH_* cipher suites
Zdenek Zambersky
zzambers at openjdk.org
Tue Jun 11 17:05:36 UTC 2024
Backport disables `TLS_ECDH_*` cipher suites.
Not clean. Differences:
- there is more than one `java.security` file on 8u (one per system), because it does not have [JDK-6997010](https://bugs.openjdk.org/browse/JDK-6997010) (Consolidate java.security files into one file with modifications)
- changeset to `test/jdk/javax/net/ssl/DTLS/CipherSuite.java` is excluded, as there is no equivalent test on 8u, support for DTLS was only added in 9 by [JDK-8043758](https://bugs.openjdk.org/browse/JDK-8043758) (JEP 219: Datagram Transport Layer Security (DTLS))
- Parts of changeset to remaining files had to be done by hand, because of some context differences, as there are some intermediate changes not backported to 8u. (e.g. [JDK-8163327](https://bugs.openjdk.org/browse/JDK-8163327) (Remove 3DES from the default enabled cipher suites list))
Testing:
tier1: OK (only [known](https://bugs.openjdk.org/browse/JDK-8333788) CAInterop failures)
jdk_security: [OK](https://github.com/zzambers/jdk8u-dev/actions/runs/9466037907) (tested with modified GHA on top, modified security tests (by backport) passed, no regressions to [master](https://github.com/zzambers/jdk8u-dev/actions/runs/9467711902))
-------------
Commit messages:
- Backport 00d22f605d2b54f2774aeaa1edfbb146a5635f21
Changes: https://git.openjdk.org/jdk8u-dev/pull/519/files
Webrev: https://webrevs.openjdk.org/?repo=jdk8u-dev&pr=519&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8279164
Stats: 109 lines in 7 files changed: 13 ins; 62 del; 34 mod
Patch: https://git.openjdk.org/jdk8u-dev/pull/519.diff
Fetch: git fetch https://git.openjdk.org/jdk8u-dev.git pull/519/head:pull/519
PR: https://git.openjdk.org/jdk8u-dev/pull/519
More information about the jdk8u-dev
mailing list