CSR Review Request, JDK-8163326, The default enabled cipher suites should prefer forward secrecy
Xuelei Fan
xuelei.fan at oracle.com
Wed Mar 20 03:47:04 UTC 2019
Hi,
I extended this CSR to cover more updates, and updated it per the comments.
Please let me know your concerns by the end of March 21, 2019.
Thanks,
Xuelei
On 3/6/2019 3:41 PM, Bernd Eckenfels wrote:
> I am not clear on what "preferred in current default context" would
> mean. Does that mean it preferred the PFS ciphers anyway... for suggested
> order in client handshake? As server? And what would be the non-Default
> context? Is this "TLS" context?
>
> Regards
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf
> of Sean Mullan <sean.mullan at oracle.com>
> *Sent:* Wednesday, March 6, 2019 9:12 PM
> *To:* security-dev at openjdk.java.net
> *Subject:* Re: CSR Review Request, JDK-8163326, The default enabled
> cipher suites should prefer forward secrecy
> Hi Xuelei,
>
> In the Specification section, I think it would be useful to note which
> cipher suites are forward secret and which are not. Otherwise, it is
> difficult to see what has changed, since there are so many supported
> suites. Perhaps in parentheses, ex:
>
> TLS_AES_128_GCM_SHA256 (forward secret)
> ...
>
> I also think you should summarize what has changed or what is roughly
> the new order, for example:
>
> - The TLS_RSA suites have moved down ...
> - The TLS_ECDH suites have moved
> - The SSL_RSA suites have moved down ...
> etc...
>
> --Sean
>
> On 2/21/19 4:45 PM, Xuelei Fan wrote:
> > Hi,
> >
> > Could I get the CSR reviewed?
> > https://bugs.openjdk.java.net/browse/JDK-8219545
> >
> > It is proposed to increase the priority of forward secrecy cipher
> > suites, and decrease the priority of RSA key exchange based cipher
> > suites for the default enabled cipher suites in the SunJSSE provider.
> >
> > Thanks,
> > Xuelei
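
To see the ordering this thread discusses on a given JDK, the following added example (not part of the thread and not OpenJDK project code) lists the default enabled cipher suites, labels each one in the parenthetical style suggested above, and reports the first forward-secret suite that is listed after a non-forward-secret one. The class name `FsOrderCheck` and the name-based classification are assumptions of the example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class FsOrderCheck {

    // Name-based heuristic (an assumption of this example): TLS 1.3 suite
    // names carry no key exchange and TLS 1.3 uses (EC)DHE; older suites are
    // ephemeral only when the name contains _DHE_ or _ECDHE_. Static
    // TLS_RSA_*, TLS_ECDH_* and SSL_RSA_* suites therefore count as not
    // forward secret.
    static boolean isForwardSecret(String suite) {
        boolean tls13 = suite.startsWith("TLS_AES_")
                || suite.startsWith("TLS_CHACHA20_");
        return tls13 || suite.contains("_DHE_") || suite.contains("_ECDHE_");
    }

    // Returns the index of the first forward-secret suite that appears after
    // a non-forward-secret suite, or -1 when all forward-secret suites come
    // first.
    static int firstOrderViolation(String[] suites) {
        boolean seenNonFs = false;
        for (int i = 0; i < suites.length; i++) {
            if (suites[i].endsWith("_SCSV")) {
                continue; // signalling value, not a real cipher suite
            }
            if (!isForwardSecret(suites[i])) {
                seenNonFs = true;
            } else if (seenNonFs) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Default context of the running JDK; no network access is needed.
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        String[] suites = params.getCipherSuites();
        for (String s : suites) {
            if (s.endsWith("_SCSV")) continue;
            System.out.printf("%-52s %s%n", s,
                    isForwardSecret(s) ? "(forward secret)" : "(not forward secret)");
        }
        int v = firstOrderViolation(suites);
        System.out.println(v < 0
                ? "All forward-secret suites are listed first."
                : suites[v] + " is listed after a non-forward-secret suite.");
    }
}
```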