RFR: 8163327: Remove 3DES from the default enabled cipher suites list
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Tue Mar 22 06:18:28 UTC 2022
On Mon, 21 Mar 2022 19:40:07 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> This fix removes obsolete and deprecated 3DES cipher suites from the default enabled cipher suites list of the SunJSSE provider implementation.
>
> Note that 3DES suites are already disabled by default via the `jdk.tls.disabledAlgorithms` security property. This change goes one step further and provides an extra level of defense by making them unavailable by default. See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8283450
src/java.base/share/classes/sun/security/ssl/CipherSuite.java line 425:
> 423: ProtocolVersion.PROTOCOLS_TO_12,
> 424: K_RSA, B_3DES, M_SHA, H_SHA256),
> 425:
It is good to have the supported cipher suites ordered. So it may be nice to have this block between line 348 and 349.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7894
More information about the security-dev
mailing list