RFR: Disable all DES cipher suites

Jamil Nimeh jamil.j.nimeh at oracle.com
Mon Aug 20 01:06:02 UTC 2018


Hello all,

This change adds all DES cipher suites to the jdk.tls.disabledAlgorithms 
Security property.  This will have the effect of making all DES-based 
suites unavailable to SunJSSE SSLSocket and SSLEngine instances, even if 
explicitly enabled using calls like SSLEngine.setEnabledCipherSuites() 
or SSLSocket.setEnabledCipherSuites().  Users wishing to re-enable these 
suites for legacy purposes must first alter the 
jdk.tls.disabledAlgorithms property in the java.security file.

Please note that prior to this change, DES-based suites were available, 
but not enabled by default on SSLSocket and SSLEngine objects.  This 
change just makes these suites no longer available without further 
intervention.

This change also removes RC4_40 from this Security property as it is 
already superseded by the RC4 identifier.  It also cleans up a 
cut-and-paste bug in a couple of the RC4_40 export suites (those suites 
are disabled already).

Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8208350/webrev.01/
JBS: https://bugs.openjdk.java.net/browse/JDK-8208350
CSR: https://bugs.openjdk.java.net/browse/JDK-8209318

Thanks,
--Jamil
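An added example, not part of the original post or of the JDK change it describes: a small audit that prints the effective jdk.tls.disabledAlgorithms entries on the running JVM and shows which single-DES suites an SSLEngine still reports. The class and helper names are hypothetical, and the probe suite name is a sample chosen for the check.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class DesSuiteAudit {
    // Matches single-DES and DES40 suite names; 3DES names ("3DES_EDE_CBC") do not match.
    static boolean isDesSuite(String suite) {
        return suite.contains("_DES_CBC_") || suite.contains("_DES40_CBC_");
    }

    static List<String> desOnly(String[] suites) {
        List<String> hits = new ArrayList<>();
        for (String s : suites) {
            if (isDesSuite(s)) hits.add(s);
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Effective value of the Security property on this JVM.
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("jdk.tls.disabledAlgorithms entries:");
        if (prop != null) {
            for (String entry : prop.split(",")) {
                System.out.println("  " + entry.trim());
            }
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();

        System.out.println("DES suites reported as supported: "
                + desOnly(engine.getSupportedCipherSuites()));
        System.out.println("DES suites enabled by default:    "
                + desOnly(engine.getEnabledCipherSuites()));

        // Mirror the explicit-enable call mentioned in the post.
        String probe = "SSL_RSA_WITH_DES_CBC_SHA"; // sample suite name for the check
        try {
            engine.setEnabledCipherSuites(new String[] { probe });
            // Acceptance by the setter is not proof the suite is negotiable;
            // compare against the property entries printed above.
            System.out.println(probe + ": name accepted by setEnabledCipherSuites()");
        } catch (IllegalArgumentException e) {
            System.out.println(probe + ": rejected by setEnabledCipherSuites(): " + e.getMessage());
        }
    }
}
```

Run it with the same JDK and java.security configuration as the service being audited, since the property is read from that installation.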


