[jdk8u-dev] RFR: 8279164: Disable TLS_ECDH_* cipher suites [v2]
Severin Gehwolf
sgehwolf at openjdk.org
Mon Jun 17 09:12:18 UTC 2024
On Fri, 14 Jun 2024 15:50:38 GMT, Zdenek Zambersky <zzambers at openjdk.org> wrote:
>> Backport disables `TLS_ECDH_*` cipher suites.
>>
>> Not clean. Differences:
>> - there is more than one `java.security` file on 8u (one per system), because it does not have [JDK-6997010](https://bugs.openjdk.org/browse/JDK-6997010) (Consolidate java.security files into one file with modifications)
>> - changeset to `test/jdk/javax/net/ssl/DTLS/CipherSuite.java` is excluded, as there is no equivalent test on 8u, support for DTLS was only added in 9 by [JDK-8043758](https://bugs.openjdk.org/browse/JDK-8043758) (JEP 219: Datagram Transport Layer Security (DTLS))
>> - Parts of changeset to remaining files had to be done by hand, because of some context differences, as there are some intermediate changes not backported to 8u. (e.g. [JDK-8163327](https://bugs.openjdk.org/browse/JDK-8163327) (Remove 3DES from the default enabled cipher suites list))
>>
>> Testing:
>> tier1: OK (only [known](https://bugs.openjdk.org/browse/JDK-8333788) CAInterop failures)
>> jdk_security: [OK](https://github.com/zzambers/jdk8u-dev/actions/runs/9466037907) (tested with modified GHA on top, modified security tests (by backport) passed, no regressions to [master](https://github.com/zzambers/jdk8u-dev/actions/runs/9467711902))
>
> Zdenek Zambersky has updated the pull request incrementally with one additional commit since the last revision:
>
> Put ECDH on new line
Adding this in order to move this PR forward. We have a CSR that is approved and we'll link it manually (if need be) once pushed.
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/519#issuecomment-2172778478
More information about the jdk8u-dev
mailing list