Code review request, 8028518, Increase the priorities of GCM cipher suites

Xuelei Fan Xuelei.Fan at Oracle.COM
Fri Jan 3 18:19:19 PST 2014


On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
> Looks ok to me, with the exception as you pointed out that this doesn't
> follow section 4 of RFC 6460.
Sorry, I did not get it.  Would you mind point out the line number of 
the concern?

>  Why was this done, and how did you
> originally determine the original ciphersuite ordering for GCMs?
>
Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite 
B Combination 2".  SunJSSE default cipher suite preference does not 
compliant to the profiles at present.  That's why it is said,
"The preference order of the GCM cipher suites does not follow the spec 
of RFC 6460."

About the ordering, please refer to line 964-977 of CipherSuite.java

Thanks,
Xuelei

> Brad
>
>
> On 12/29/2013 7:56 PM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review this small update.
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
>>
>> In TLS protocols, cipher suite specifies the crypto algorithms used in
>> TLS connections.  The priorities of cipher suites define the preference
>> order that a cipher suite may be used in a TLS connection.
>>
>> When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
>> 115)[1], for better compatibility and interoperability, we decided to
>> decrease the priority of cipher suites in GCM mode for a while before
>> GCM technologies mature in the industry.
>>
>> It's time to consider to increase the priorities of GCM mode cipher
>> suite in early stage of JDK 9.
>>
>> Thanks,
>> Xuelei
>>
>> [1] http://openjdk.java.net/jeps/115



More information about the security-dev mailing list