RFR: 8163327: Remove 3DES from the default enabled cipher suites list [v2]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Tue Mar 22 21:39:31 UTC 2022


On Tue, 22 Mar 2022 21:21:14 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> This fix removes obsolete and deprecated 3DES cipher suites from the default enabled cipher suites list of the SunJSSE provider implementation. 
>> 
>> Note that 3DES suites are already disabled by default via the `jdk.tls.disabledAlgorithms` security property.  This change goes one step further and provides an extra level of defense by making them unavailable by default.  See the CSR for more details: https://bugs.openjdk.java.net/browse/JDK-8283450
>
> Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Move TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
>   lower in priority after other 3DES suites.

Looks good to me.

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/7894
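
The two layers the quoted description distinguishes (the `jdk.tls.disabledAlgorithms` property and the default enabled cipher suites list) can be checked on a given runtime with a short program. This is an added example, not code from the pull request or the JDK; the class name `Check3DesSuites` and the substring match on `3DES_EDE` are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical class name; not part of the JDK or the pull request.
public class Check3DesSuites {

    // Assumption: 3DES suites are recognised by this substring, as in the
    // two suite names quoted in the message above.
    static final String MARKER = "3DES_EDE";

    // Returns the suite names in the given list that use 3DES.
    static List<String> tripleDes(String[] suites) {
        return Arrays.stream(suites)
                .filter(s -> s.contains(MARKER))
                .collect(Collectors.toList());
    }

    // True if any comma-separated entry of the property value names 3DES.
    static boolean disabledByProperty(String prop) {
        if (prop == null) {
            return false;
        }
        return Arrays.stream(prop.split(","))
                .map(String::trim)
                .anyMatch(e -> e.contains(MARKER));
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");

        List<String> enabled3Des = tripleDes(enabled.getCipherSuites());
        System.out.println("Java version: " + System.getProperty("java.version"));
        System.out.println("3DES in jdk.tls.disabledAlgorithms: " + disabledByProperty(prop));
        System.out.println("3DES suites enabled by default: " + enabled3Des);
        System.out.println("3DES suites supported: " + tripleDes(supported.getCipherSuites()));

        // Non-zero exit lets a build or deployment check fail on a runtime
        // that still offers 3DES in its default enabled list.
        System.exit(enabled3Des.isEmpty() ? 0 : 1);
    }
}
```

The program reports the runtime's defaults only; an application that sets its own enabled cipher suites on a socket or engine needs to be checked separately.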


