Code Review Request JDK-8162362, Cannot enable previously default enabled cipher suites
Xuelei Fan
xuelei.fan at oracle.com
Tue Aug 2 15:34:38 UTC 2016
Ping ...
On 7/29/2016 11:23 PM, Xuelei Fan wrote:
> Hi,
>
> Please review the fix for JDK-8162362:
>
> http://cr.openjdk.java.net/~xuelei/8162362/webrev.00/
>
> If a cipher suite is getting weak or vulnerable, it is normally removed
> from the default enabled list in JDK. The compatibility impact of the
> removal is normally minimal as if there are other available cipher
> suites enabled.
>
> However, some applications may want to support the disabled cipher
> suites in JDK. If the source code is not accessible, there is not much
> of a workaround to get the cipher suite working again if it is removed
> from the default enabled list in JDK.
>
> This fix introduces two new system properties, which can be used to
> customize the default enabled cipher suites.
>
> The system property "jdk.tls.client.cipherSuites" is used to customize
> the default enabled cipher suites for the client side of SSL/TLS/DTLS
> connections. Similarly, the system property
> "jdk.tls.server.cipherSuites" is used for the server side.
>
> The system property contains a comma-separated list of supported cipher
> suite names specifying the default enabled cipher suites. All other
> supported cipher suites are disabled for this default setting.
> An unrecognized or unsupported cipher suite name specified in the
> property is ignored. Explicit setting of enabled cipher suites will
> override the system property.
>
> Thanks,
> Xuelei
>
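The behaviour described in the message above can be checked from an audit point of view with a small program. This is an added example, not code from the webrev or from the author; the class name and the suite list are constructed for illustration, and it assumes a JDK that includes this change.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public class DefaultCipherSuiteAudit {
    // Property name from the message above; the suite list is a constructed
    // sample whose second entry is deliberately not a real cipher suite.
    static final String PROP = "jdk.tls.client.cipherSuites";
    static final String REQUESTED =
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_EXAMPLE_NOT_A_REAL_SUITE";

    public static void main(String[] args) throws Exception {
        // Set before the first JSSE use; in a deployment this is normally
        // passed as -Djdk.tls.client.cipherSuites=... on the command line.
        if (System.getProperty(PROP) == null) {
            System.setProperty(PROP, REQUESTED);
        }
        SSLContext ctx = SSLContext.getDefault();
        List<String> supported =
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites());

        // A client-mode engine with no explicit setting shows the defaults.
        SSLEngine client = ctx.createSSLEngine();
        client.setUseClientMode(true);
        List<String> defaults = Arrays.asList(client.getEnabledCipherSuites());
        System.out.println("Effective client defaults: " + defaults);

        // Names in the property that did not make it into the defaults.
        for (String name : System.getProperty(PROP).split(",")) {
            name = name.trim();
            if (!defaults.contains(name)) {
                System.out.println("Not enabled (ignored): " + name);
            }
        }

        // An explicit setting on a connection overrides the property.
        String other = supported.stream()
            .filter(s -> !defaults.contains(s)).findFirst().orElse(null);
        if (other != null) {
            SSLEngine explicit = ctx.createSSLEngine();
            explicit.setUseClientMode(true);
            explicit.setEnabledCipherSuites(new String[] { other });
            System.out.println("After explicit setting: "
                + Arrays.toString(explicit.getEnabledCipherSuites()));
        }
    }
}
```

Running it with and without the property set gives a quick record of which suites a deployment actually enables by default, which is useful when a re-enabled legacy suite needs to be tracked and later retired.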