CSR Review Request, JDK-8163326, The default enabled cipher suites should prefer forward secrecy

Xuelei Fan xuelei.fan at oracle.com
Wed Mar 20 15:38:03 UTC 2019


Hi Bernd,

Thank you for the quick review.  All good points!

On 3/20/2019 12:34 AM, Bernd Eckenfels wrote:
> Good to understand now.
> 
> Do you want to add a sentence how devs&ops can change the order (I.e. 
> enabling the ciphers in a different order?)
> 
In the JSSE Reference Guide, there are sections talking about cipher 
suite preference.  I will add a note in the release-note about how to 
customize the preference.

> Just to be clear, In the Risk Evaluation the „should have been used“ 
> does mean JDK should have done this before, it does not mean it has used 
> the preference before, right? (Although in practice I guess especially 
> DHE have been preferred over RSA by peers often)
> 
Right.

> The main risk of the change to me seems to be: prioritizing DHE over plain 
> DSS/RSA. As this increases the likelihood for DHE related interop 
> problems (due to lack of negotiation of „group“ sizes).
> 
> I suspect two aspects reduce the risk, but maybe it should be mentioned 
> explicitly:
> 
> „Preference of DHE_RSA over RSA could increase group/size related 
> interoperability problems. However it is expected that this is mitigated 
> by the additional DHE parameters (FFDHE) in group announcement and also 
> the fact that existing implementations have been confronted with bigger 
> DHE keys for some time now. Besides many existing servers prefer ECDHE 
> or would have picked DHE over RSA anyway.“
> 
It makes sense to me. I added it to the "Compatibility Risk Description" field.

Considering the existing DHE problems, it may be nice to decrease the 
priority of DHE cipher suites as well.  I update the CSR accordingly.

> I would expect no performance impact as most modern/perfcritical systems 
> would use ECDHE already (and the perf impact of preferring GCM over CBC 
> is a different discussion)
>
Agreed, I think the performance impact is minimal as well.

Thanks,
Xuelei

> 
> Regards
> Bernd
> -- 
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf 
> of Xuelei Fan <xuelei.fan at oracle.com>
> *Sent:* Wednesday, March 20, 2019 6:19 AM
> *To:* security-dev at openjdk.java.net
> *Subject:* Re: CSR Review Request, JDK-8163326, The default enabled 
> cipher suites should prefer forward secrecy
> Hi,
> 
> I extended this CSR to cover more updates, and updated it per the comments.
> Please let me know your concerns by the end of March 21, 2019.
> 
> Thanks,
> Xuelei
> 
> On 3/6/2019 3:41 PM, Bernd Eckenfels wrote:
>  > I am not clear on what would „preferred in current default context“
>  > mean. Does that mean it preferred the PFS ciphers anyway.. for suggested
>  > order in client handshake? as server? And what would be the non-Default
>  > context. Is this „TLS“ context?
>  >
>  > Regards
>  > Bernd
>  > --
>  > http://bernd.eckenfels.net
>  > ------------------------------------------------------------------------
>  > *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf
>  > of Sean Mullan <sean.mullan at oracle.com>
>  > *Sent:* Wednesday, March 6, 2019 9:12 PM
>  > *To:* security-dev at openjdk.java.net
>  > *Subject:* Re: CSR Review Request, JDK-8163326, The default enabled
>  > cipher suites should prefer forward secrecy
>  > Hi Xuelei,
>  >
>  > In the Specification section, I think it would be useful to note which
>  > cipher suites are forward secret and which are not. Otherwise, it is
>  > difficult to see what has changed, since there are so many supported
>  > suites. Perhaps in parentheses, ex:
>  >
>  > TLS_AES_128_GCM_SHA256 (forward secret)
>  > ...
>  >
>  > I also think you should summarize what has changed or what is roughly
>  > the new order, for example:
>  >
>  > - The TLS_RSA suites have moved down ...
>  > - The TLS_ECDH suites have moved
>  > - The SSL_RSA suites have moved down ...
>  > etc...
>  >
>  > --Sean
>  >
>  > On 2/21/19 4:45 PM, Xuelei Fan wrote:
>  > > Hi,
>  > >
>  > > Could I get the CSR reviewed?
>  > >     https://bugs.openjdk.java.net/browse/JDK-8219545
>  > >
>  > > It is proposed to increase the priority of forward secrecy cipher
>  > > suites, and decrease the priority of RSA key exchange based cipher
>  > > suites for the default enabled cipher suites in the SunJSSE provider.
>  > >
>  > > Thanks,
>  > > Xuelei
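The thread discusses two things a reader may want to see in code: how to tell which of the default enabled suites are forward secret (Sean's request to annotate them), and how developers and operators can set their own cipher suite preference rather than rely on the provider's default order (Bernd's question). The following is an added example written for this page, not code from the thread or from the JDK; it uses only the standard JSSE API (SSLContext, SSLParameters, SSLEngine). The classification of suites by their key-exchange name fragment, the three-tier ranking (TLS 1.3 and ECDHE first, then DHE, then non-forward-secret suites, mirroring the order this CSR settled on) and the class name are assumptions of the example, not part of the CSR.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;

/** Added example: rank and apply a forward-secrecy-first cipher suite preference. */
public class ForwardSecrecyPreference {

    /**
     * Classify a suite by the key-exchange part of its name (assumption of this
     * example, not a JSSE API). TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always
     * use ephemeral (EC)DHE. TLS_RSA_/SSL_RSA_ (RSA key transport) and
     * TLS_ECDH_/TLS_DH_ (static (EC)DH) provide no forward secrecy.
     */
    static boolean isForwardSecret(String suite) {
        if (suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_")) {
            return true;
        }
        return suite.contains("_ECDHE_") || suite.contains("_DHE_");
    }

    /**
     * Preference tier: 0 = TLS 1.3 / ECDHE, 1 = finite-field DHE (forward secret but
     * demoted because of the group-size interoperability issues raised in the
     * thread), 2 = everything else, including signaling values such as the SCSV.
     */
    static int tier(String suite) {
        if (!isForwardSecret(suite)) {
            return 2;
        }
        return suite.contains("_DHE_") && !suite.contains("_ECDHE_") ? 1 : 0;
    }

    /** Stable reorder: relative order inside each tier is preserved. */
    static String[] preferForwardSecrecy(String[] enabled) {
        List<String> ordered = new ArrayList<>(Arrays.asList(enabled));
        ordered.sort(Comparator.comparingInt(ForwardSecrecyPreference::tier)); // List.sort is stable
        return ordered.toArray(new String[0]);
    }

    /**
     * Build SSLParameters carrying the custom order. On the server side,
     * setUseCipherSuitesOrder(true) makes JSSE honour the local order instead of
     * the client's; on the client side the order is what gets sent in ClientHello.
     */
    static SSLParameters preferredParameters(SSLContext ctx) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setCipherSuites(preferForwardSecrecy(params.getCipherSuites()));
        params.setUseCipherSuitesOrder(true);
        return params;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters params = preferredParameters(ctx);

        // Print the resulting order, annotated the way Sean suggested for the CSR.
        for (String suite : params.getCipherSuites()) {
            System.out.println(suite + (isForwardSecret(suite) ? "  (forward secret)" : ""));
        }

        // Apply the same parameters to a server-mode engine; SSLSocket and
        // SSLServerSocket expose an identical setSSLParameters(...) method.
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setSSLParameters(params);
    }
}
```

Running the class on the JDK release in question prints the default enabled list in the adjusted order, which is a quick way to check what a deployment actually negotiates before and after the CSR's change; the same reordering can be applied to an explicit list of suite names when a deployment wants to pin its own order rather than derive it from the provider default.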