[jdk8u-dev] RFR: 8279164: Disable TLS_ECDH_* cipher suites [v2]
Zdenek Zambersky
zzambers at openjdk.org
Fri Jun 14 15:50:38 UTC 2024
On Fri, 14 Jun 2024 11:51:34 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
>> jdk/src/share/lib/security/java.security-aix line 706:
>>
>>> 704: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
>>> 705: jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
>>> 706: DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, ECDH, \
>>
>> Please move the `ECDH` addition to a new line to match the [JDK 11 backport](https://github.com/openjdk/jdk11u-dev/commit/5dddf69319480251cdc904cf7a1d4fcd81573bb8) more closely.
>> Suggestion:
>>
>> DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
>> ECDH, \
>
> This makes future reviews easier.
fixed
-------------
PR Review Comment: https://git.openjdk.org/jdk8u-dev/pull/519#discussion_r1640011733
More information about the jdk8u-dev
mailing list