RFR: 8279164: Disable TLS_ECDH_* cipher suites
Sean Mullan
mullan at openjdk.org
Thu Nov 3 15:07:47 UTC 2022
This change will disable TLS_ECDH_* cipher suites by default. These cipher suites do not preserve forward secrecy and are rarely used in practice. See the CSR for more details and rationale.
Users will still be able to enable the suites (at their own risk) by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.
-------------
Commit messages:
- Initial revision.
Changes: https://git.openjdk.org/jdk/pull/10969/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10969&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8279164
Stats: 92 lines in 4 files changed: 14 ins; 63 del; 15 mod
Patch: https://git.openjdk.org/jdk/pull/10969.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/10969/head:pull/10969
PR: https://git.openjdk.org/jdk/pull/10969
More information about the security-dev
mailing list