CSR Review Request, JDK-8163326, The default enabled cipher suites should prefer forward secrecy
Bernd Eckenfels
ecki at zusammenkunft.net
Wed Mar 6 23:41:42 UTC 2019
I am not clear on what would „preferred in current default context“ mean. Does that mean it preferred the PFS ciphers anyway.. for suggested order in client handshake? as server? And what would be the non-Default context. Is this „TLS“ context?
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: security-dev <security-dev-bounces at openjdk.java.net> im Auftrag von Sean Mullan <sean.mullan at oracle.com>
Gesendet: Mittwoch, März 6, 2019 9:12 PM
An: security-dev at openjdk.java.net
Betreff: Re: CSR Review Request, JDK-8163326, The default enabled cipher suites should prefer forward secrecy
Hi Xuelei,
In the Specification section, I think it would be useful to note which
cipher suites are forward secret and which are not. Otherwise, it is
difficult to see what has changed, since there are so many supported
suites. Perhaps in parentheses, ex:
TLS_AES_128_GCM_SHA256 (forward secret)
...
I also think you should summarize what has changed or what is roughly
the new order, for example:
- The TLS_RSA suites have moved down ...
- The TLS_ECDH suites have moved
- The SSL_RSA suites have moved down ...
etc...
--Sean
On 2/21/19 4:45 PM, Xuelei Fan wrote:
> Hi,
>
> Could I get the CSR reviewed?
> https://bugs.openjdk.java.net/browse/JDK-8219545
>
> It is proposed to increase the priority of forward secrecy cipher
> suites, and decrease the priority of RSA key exchange based cipher
> suites for the default enabled cipher suites in the SunJSSE provider.
>
> Thanks,
> Xuelei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190306/949aead2/attachment.htm>
More information about the security-dev
mailing list