Code review request, 8028518, Increase the priorities of GCM cipher suites
Xuelei Fan
Xuelei.Fan at Oracle.COM
Sat Jan 4 02:19:19 UTC 2014
On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
> Looks ok to me, with the exception as you pointed out that this doesn't
> follow section 4 of RFC 6460.
Sorry, I did not get it. Would you mind point out the line number of
the concern?
> Why was this done, and how did you
> originally determine the original ciphersuite ordering for GCMs?
>
Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
B Combination 2". SunJSSE default cipher suite preference does not
compliant to the profiles at present. That's why it is said,
"The preference order of the GCM cipher suites does not follow the spec
of RFC 6460."
About the ordering, please refer to line 964-977 of CipherSuite.java
Thanks,
Xuelei
> Brad
>
>
> On 12/29/2013 7:56 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this small update.
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>>
>> In TLS protocols, cipher suite specifies the crypto algorithms used in
>> TLS connections. The priorities of cipher suites define the preference
>> order that a cipher suite may be used in a TLS connection.
>>
>> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
>> 115)[1], for better compatibility and interoperability, we decided to
>> decrease the priority of cipher suites in GCM mode for a while before
>> GCM technologies mature in the industry.
>>
>> It's time to consider to increase the priorities of GCM mode cipher
>> suite in early stage of JDK 9.
>>
>> Thanks,
>> Xuelei
>>
>> [1] http://openjdk.java.net/jeps/115
More information about the security-dev
mailing list