RFR: 8202343: Disable TLS 1.0 and 1.1 [v2]
Sean Mullan
mullan at openjdk.java.net
Tue Nov 17 17:55:19 UTC 2020
> This change disables the TLSv1 and TLSv1.1 protocols by adding them to the jdk.tls.disabledAlgorithms security property in the java.security file. These protocols use weak algorithms and are being deprecated by the IETF. They should be disabled by default to improve the default security configuration of the JDK. See the CSR for more rationale: https://bugs.openjdk.java.net/browse/JDK-8254713
>
> The fix mostly involves changes to existing tests that for one reason or another depend on the TLSv1 and TLSv1.1 protocols being enabled. There is a new test specifically for this issue: test/jdk/sun/security/ssl/SSLContextImpl/SSLContextDefault.java
Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
More test changes.
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/1235/files
- new: https://git.openjdk.java.net/jdk/pull/1235/files/71d49643..4daf0154
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=1235&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=1235&range=00-01
Stats: 10 lines in 2 files changed: 7 ins; 3 del; 0 mod
Patch: https://git.openjdk.java.net/jdk/pull/1235.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/1235/head:pull/1235
PR: https://git.openjdk.java.net/jdk/pull/1235
More information about the security-dev
mailing list