RFR: 8163327: Remove 3DES from the default enabled cipher suites list [v2]

Sean Mullan mullan at openjdk.java.net
Tue Mar 22 21:21:14 UTC 2022


> This fix removes obsolete and deprecated 3DES cipher suites from the default enabled cipher suites list of the SunJSSE provider implementation. 
> 
> Note that 3DES suites are already disabled by default via the `jdk.tls.disabledAlgorithms` security property.  This change goes one step further and provides an extra level of defense by making them unavailable by default.  See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8283450

Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:

  Move TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  lower in priority after other 3DES suites.

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/7894/files
  - new: https://git.openjdk.java.net/jdk/pull/7894/files/aed9c954..9edfa9ac

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=7894&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=7894&range=00-01

  Stats: 18 lines in 1 file changed: 9 ins; 9 del; 0 mod
  Patch: https://git.openjdk.java.net/jdk/pull/7894.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/7894/head:pull/7894

PR: https://git.openjdk.java.net/jdk/pull/7894



More information about the security-dev mailing list