RFR: 8279164: Disable TLS_ECDH_* cipher suites [v2]
Bradford Wetmore
wetmore at openjdk.org
Fri Nov 4 00:29:34 UTC 2022
On Thu, 3 Nov 2022 20:39:52 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> This change will disable TLS_ECDH_* cipher suites by default. These cipher suites do not preserve forward secrecy and are rarely used in practice. See the CSR for more details and rationale.
>>
>> Users will still be able to enable the suites (at their own risk) by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.
>
> Sean Mullan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision:
>
> - Merge
> - Initial revision.
LGTM other than the typos.
test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java line 85:
> 83: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
> 84:
> 85: // AES_256(GCM) - not forward screcy
Can you please fix the rest of the"screcy" typos in this file?
-------------
Marked as reviewed by wetmore (Reviewer).
PR: https://git.openjdk.org/jdk/pull/10969
More information about the security-dev
mailing list