[jdk8u-dev] RFR: 8279164: Disable TLS_ECDH_* cipher suites [v2]
Martin Balao
mbalao at openjdk.org
Sat Jun 15 02:43:17 UTC 2024
On Fri, 14 Jun 2024 15:50:38 GMT, Zdenek Zambersky <zzambers at openjdk.org> wrote:
>> Backport disables `TLS_ECDH_*` cipher suites.
>>
>> Not clean. Differences:
>> - there is more than one `java.security` file on 8u (one per system), because it does not have [JDK-6997010](https://bugs.openjdk.org/browse/JDK-6997010) (Consolidate java.security files into one file with modifications)
>> - changeset to `test/jdk/javax/net/ssl/DTLS/CipherSuite.java` is excluded, as there is no equivalent test on 8u, support for DTLS was only added in 9 by [JDK-8043758](https://bugs.openjdk.org/browse/JDK-8043758) (JEP 219: Datagram Transport Layer Security (DTLS))
>> - Parts of changeset to remaining files had to be done by hand, because of some context differences, as there are some intermediate changes not backported to 8u. (e.g. [JDK-8163327](https://bugs.openjdk.org/browse/JDK-8163327) (Remove 3DES from the default enabled cipher suites list))
>>
>> Testing:
>> tier1: OK (only [known](https://bugs.openjdk.org/browse/JDK-8333788) CAInterop failures)
>> jdk_security: [OK](https://github.com/zzambers/jdk8u-dev/actions/runs/9466037907) (tested with modified GHA on top, modified security tests (by backport) passed, no regressions to [master](https://github.com/zzambers/jdk8u-dev/actions/runs/9467711902))
>
> Zdenek Zambersky has updated the pull request incrementally with one additional commit since the last revision:
>
> Put ECDH on new line
Looks good to me.
-------------
Marked as reviewed by mbalao (Reviewer).
PR Review: https://git.openjdk.org/jdk8u-dev/pull/519#pullrequestreview-2119809886
More information about the jdk8u-dev
mailing list