RFR: 8163327: Remove 3DES from the default enabled cipher suites list

Sean Mullan mullan at openjdk.java.net
Mon Mar 21 19:49:09 UTC 2022


On Mon, 21 Mar 2022 19:40:07 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> This fix removes obsolete and deprecated 3DES cipher suites from the default enabled cipher suites list of the SunJSSE provider implementation. 
> 
> Note that 3DES suites are already disabled by default via the `jdk.tls.disabledAlgorithms` security property.  This change goes one step further and provides an extra level of defense by making them unavailable by default.  See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8283450

test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java line 100:

> 98:         "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
> 99:         "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
> 100:         "SSL_RSA_EXPORT_WITH_RC4_40_MD5",

Also added additional suites that are already disabled and had not been added to this test.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7894



More information about the security-dev mailing list