[jdk8u-dev] RFR: 8279164: Disable TLS_ECDH_* cipher suites
Severin Gehwolf
sgehwolf at openjdk.org
Thu Jun 13 16:54:18 UTC 2024
On Tue, 11 Jun 2024 16:55:53 GMT, Zdenek Zambersky <zzambers at openjdk.org> wrote:
> Backport disables `TLS_ECDH_*` cipher suites.
>
> Not clean. Differences:
> - there is more than one `java.security` file on 8u (one per system), because it does not have [JDK-6997010](https://bugs.openjdk.org/browse/JDK-6997010) (Consolidate java.security files into one file with modifications)
> - changeset to `test/jdk/javax/net/ssl/DTLS/CipherSuite.java` is excluded, as there is no equivalent test on 8u, support for DTLS was only added in 9 by [JDK-8043758](https://bugs.openjdk.org/browse/JDK-8043758) (JEP 219: Datagram Transport Layer Security (DTLS))
> - Parts of changeset to remaining files had to be done by hand, because of some context differences, as there are some intermediate changes not backported to 8u. (e.g. [JDK-8163327](https://bugs.openjdk.org/browse/JDK-8163327) (Remove 3DES from the default enabled cipher suites list))
>
> Testing:
> tier1: OK (only [known](https://bugs.openjdk.org/browse/JDK-8333788) CAInterop failures)
> jdk_security: [OK](https://github.com/zzambers/jdk8u-dev/actions/runs/9466037907) (tested with modified GHA on top, modified security tests (by backport) passed, no regressions to [master](https://github.com/zzambers/jdk8u-dev/actions/runs/9467711902))
@zzambers Could you please try a new PR title? `Backport 5dddf69319480251cdc904cf7a1d4fcd81573bb8` which is the OpenJDK 11u commit (instead of the JDK head version's). Hopefully it'll see the correct CSR then. Thanks!
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/519#issuecomment-2166233548
More information about the jdk8u-dev
mailing list