[15] RFR: 8238560: Cleanup and consolidate algorithms in the jdk.tls.legacyAlgorithms security property

Bernd Eckenfels ecki at zusammenkunft.net
Thu Feb 20 17:48:25 UTC 2020


Hello Sean,

Are the separate entries for 3DES and DES needed or can they also be collapsed?

BTW I am always unsure about the interactions of setting the Protocol and the enabled ciphers, so I am in the habit of setting the protocols before using getEnabled or setting enabled ciphers. I guess it makes no difference, but for that reason I would move line 76 before 73 in the test.

Regards
Bernd
--
http://bernd.eckenfels.net
________________________________
From: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Sean Mullan <sean.mullan at oracle.com>
Sent: Thursday, February 20, 2020 2:01:59 PM
To: security Dev OpenJDK <security-dev at openjdk.java.net>
Subject: [15] RFR: 8238560: Cleanup and consolidate algorithms in the jdk.tls.legacyAlgorithms security property

Please review this change to clean up and consolidate the default value
of the jdk.tls.legacyAlgorithms security property. The following changes
have been made:

1. Changed K_NULL, C_NULL, M_NULL to NULL, which will cover all null
cipher suites. The *_NULL algorithms were implementation details and not
compliant with the specification of the property.

2. Changed DH_anon, ECDH_anon to anon, which will cover all cipher
suites using anonymous authentication.

3. Changed RC4_128, RC4_40 to RC4, which will cover all cipher suites
using RC4 for encryption.

4. Changed DES_CBC, DES40_CBC to DES, which will cover all cipher suites
using DES for encryption.

I also added a new regression test.

CSR: https://bugs.openjdk.java.net/browse/JDK-8239377
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8238560/webrev.00/

Thanks,
Sean
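
An added example, not part of the thread or of the JDK change under review: a small audit that prints the runtime's jdk.tls.legacyAlgorithms value and lists which supported cipher suites carry one of the four consolidated names (NULL, anon, RC4, DES). The class name and the underscore-token matcher are assumptions made for illustration; the matcher is a simplification and not the JDK's own algorithm decomposition. It sets the protocols before reading the cipher suites, the ordering suggested in the reply.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class LegacyAlgorithmAudit {
    // The four consolidated names listed in the review request.
    static final List<String> CONSOLIDATED = List.of("NULL", "anon", "RC4", "DES");

    // Simplified matcher (assumption, not the JDK's decomposition logic):
    // split the suite name on '_' and compare whole tokens, so "DES" hits
    // ..._WITH_DES_CBC_SHA but not ..._WITH_3DES_EDE_CBC_SHA.
    static List<String> matches(String suite) {
        Set<String> tokens = new HashSet<>(Arrays.asList(suite.split("_")));
        List<String> hits = new ArrayList<>();
        for (String name : CONSOLIDATED) {
            if (tokens.contains(name)) {
                hits.add(name);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.legacyAlgorithms = "
                + Security.getProperty("jdk.tls.legacyAlgorithms"));

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        // Set the protocols first, then query the enabled cipher suites.
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});
        Set<String> enabled =
                new HashSet<>(Arrays.asList(engine.getEnabledCipherSuites()));

        // Report every supported suite that carries a consolidated name.
        for (String suite : engine.getSupportedCipherSuites()) {
            List<String> hits = matches(suite);
            if (!hits.isEmpty()) {
                System.out.printf("%-45s matches=%s enabledByDefault=%b%n",
                        suite, hits, enabled.contains(suite));
            }
        }
    }
}
```

The list printed depends on the JDK release; a runtime that no longer ships a given suite will simply not report it.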