CSR Review Request, JDK-8163326, The default enabled cipher suites should prefer forward secrecy
Xuelei Fan
xuelei.fan at oracle.com
Wed Mar 20 15:38:03 UTC 2019
Hi Bernd,
Thank you for the quick review. All good points!
On 3/20/2019 12:34 AM, Bernd Eckenfels wrote:
> Good to understand now.
>
> Do you want to add a sentence on how devs&ops can change the order (i.e.
> enabling the ciphers in a different order?)
>
In the JSSE Reference Guide, there are sections talking about cipher
suite preference. I will add a note in the release-note about how to
customize the preference.
> Just to be clear, in the Risk Evaluation the „should have been used“
> does mean JDK should have done this before, it does not mean it has used
> the preference before, right? (Although in practice I guess especially
> DHE have been preferred over RSA by peers often)
>
Right.
> The main risk of the change to me seems to be: prioritizing DHE over plain
> DSS/RSA. As this increases the likelihood for DHE related interop
> problems (due to lack of negotiation of „group“ sizes).
>
> I suspect two aspects reduce the risk, but maybe it should be mentioned
> explicitly:
>
> „Preference of DHE_RSA over RSA could increase group/size related
> interoperability problems. However it is expected that this is mitigated
> by the additional DHE parameters (FFDHE) in group announcement and also
> the fact that existing implementations have been confronted with bigger
> DHE keys for some time now. Besides many existing servers prefer ECDHE
> or would have picked DHE over RSA anyway.“
>
It makes sense to me. I added to the "Compatibility Risk Description" field.
Considering the existing DHE problems, it may be nice to decrease the
priority of DHE cipher suites as well. I update the CSR accordingly.
> I would expect no performance impact as most modern/perfcritical systems
> would use ECDHE already (and the perf impact of preferring GCM over CBC
> is a different discussion)
>
Agreed, I think the performance impact is minimal as well.
Thanks,
Xuelei
>
> Regards
> Bernd
> --
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf
> of Xuelei Fan <xuelei.fan at oracle.com>
> *Sent:* Wednesday, March 20, 2019 6:19 AM
> *To:* security-dev at openjdk.java.net
> *Subject:* Re: CSR Review Request, JDK-8163326, The default enabled
> cipher suites should prefer forward secrecy
> Hi,
>
> I extended this CSR to cover more updates, and updated it per the comments.
> Please let me know your concerns by the end of March 21, 2019.
>
> Thanks,
> Xuelei
>
> On 3/6/2019 3:41 PM, Bernd Eckenfels wrote:
> > I am not clear on what would „preferred in current default context“
> > mean. Does that mean it preferred the PFS ciphers anyway.. for suggested
> > order in client handshake? as server? And what would be the non-Default
> > context. Is this „TLS“ context?
> >
> > Regards
> > Bernd
> > --
> > http://bernd.eckenfels.net
> > ------------------------------------------------------------------------
> > *From:* security-dev <security-dev-bounces at openjdk.java.net> on behalf
> > of Sean Mullan <sean.mullan at oracle.com>
> > *Sent:* Wednesday, March 6, 2019 9:12 PM
> > *To:* security-dev at openjdk.java.net
> > *Subject:* Re: CSR Review Request, JDK-8163326, The default enabled
> > cipher suites should prefer forward secrecy
> > Hi Xuelei,
> >
> > In the Specification section, I think it would be useful to note which
> > cipher suites are forward secret and which are not. Otherwise, it is
> > difficult to see what has changed, since there are so many supported
> > suites. Perhaps in parentheses, ex:
> >
> > TLS_AES_128_GCM_SHA256 (forward secret)
> > ...
> >
> > I also think you should summarize what has changed or what is roughly
> > the new order, for example:
> >
> > - The TLS_RSA suites have moved down ...
> > - The TLS_ECDH suites have moved
> > - The SSL_RSA suites have moved down ...
> > etc...
> >
> > --Sean
> >
> > On 2/21/19 4:45 PM, Xuelei Fan wrote:
> > > Hi,
> > >
> > > Could I get the CSR reviewed?
> > > https://bugs.openjdk.java.net/browse/JDK-8219545
> > >
> > > It is proposed to increase the priority of forward secrecy cipher
> > > suites, and decrease the priority of RSA key exchange based cipher
> > > suites for the default enabled cipher suites in the SunJSSE provider.
> > >
> > > Thanks,
> > > Xuelei
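
One way an application can set its own cipher suite preference, the customization asked about in the thread. This is an added example, not code from the thread or from the JDK; the class name `PreferForwardSecrecy` and the `rank` and `reorder` helpers are hypothetical, and the classification assumes the standard cipher suite naming scheme.

```java
import java.util.Arrays;
import java.util.Comparator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class PreferForwardSecrecy {

    // Rank a suite by its key exchange, judged from the standard suite name.
    // Lower rank means higher preference. (Hypothetical helper.)
    static int rank(String suite) {
        if (suite.endsWith("_SCSV")) return 3;     // signalling value, not a real suite
        if (!suite.contains("_WITH_")) return 0;   // TLS 1.3 style names, e.g. TLS_AES_128_GCM_SHA256
        if (suite.contains("_ECDHE_")) return 0;   // ephemeral elliptic-curve DH
        if (suite.contains("_DHE_")) return 1;     // ephemeral finite-field DH, kept below ECDHE
        return 2;                                  // static RSA / ECDH key exchange: no forward secrecy
    }

    // Stable sort: suites with the same rank keep the provider's relative order,
    // so the existing preference inside each group is preserved.
    static String[] reorder(String[] enabled) {
        String[] sorted = enabled.clone();
        Arrays.sort(sorted, Comparator.comparingInt(PreferForwardSecrecy::rank));
        return sorted;
    }

    public static void main(String[] args) throws Exception {
        // Start from whatever the running JDK enables by default.
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        params.setCipherSuites(reorder(params.getCipherSuites()));

        // Server side: honour the local order instead of the client's order.
        params.setUseCipherSuitesOrder(true);

        for (String suite : params.getCipherSuites()) {
            System.out.println(rank(suite) + " " + suite);
        }
        // Apply with setSSLParameters(params) on an SSLSocket,
        // SSLServerSocket or SSLEngine before the handshake starts.
    }
}
```

On the client side the order passed to `setCipherSuites` is the order offered in the ClientHello; `setUseCipherSuitesOrder` only affects which suite a server picks.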