[8u] RFR: 8076221: Disable RC4 cipher suites
Artem Smotrakov
artem.smotrakov at oracle.com
Wed Apr 15 08:17:54 UTC 2015
cc'ing jdk8u-dev at openjdk.java.net
Would you please approve this backport to 8u-dev?
The difference is:
- JDK 9 has a single java.security file, but JDK 8u has java.security
file for each generic platform, so each file needs to be updated.
- Test names are different, but the changes are the same (reset
'jdk.tls.disabledAlgorithms' security property)
Webrev: http://cr.openjdk.java.net/~asmotrak/8076221/webrev.8u.00/
Bug: https://bugs.openjdk.java.net/browse/JDK-8076221
Changeset: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/23cde932f139
Artem
On 04/15/2015 10:42 AM, Xuelei Fan wrote:
> Looks fine to me.
>
> Xuelei
>
> On 4/15/2015 3:06 PM, Artem Smotrakov wrote:
>> Hello,
>>
>> RFC 7465 [1] has been published to prohibit RC4.
>>
>> Please review this fix which disables RC4 cipher suites in JDK 8u by
>> adding "RC4" to "jdk.tls.disabledAlgorithms" security property.
>>
>> Webrev: http://cr.openjdk.java.net/~asmotrak/8076221/webrev.8u.00/
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8076221
>>
>> [1] https://tools.ietf.org/html/rfc7465
>>
>> Artem
>>
More information about the security-dev
mailing list