RFR: 8279164: Disable TLS_ECDH_* cipher suites [v3]

Sean Mullan mullan at openjdk.org
Fri Nov 4 13:12:34 UTC 2022


> This change will disable TLS_ECDH_* cipher suites by default. These cipher suites do not preserve forward secrecy and are rarely used in practice. See the CSR for more details and rationale.
> 
> Users will still be able to enable the suites (at their own risk) by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.

Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:

  Fix "screcy" typos.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/10969/files
  - new: https://git.openjdk.org/jdk/pull/10969/files/0aa21bdc..5a557059

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=10969&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=10969&range=01-02

  Stats: 16 lines in 1 file changed: 0 ins; 0 del; 16 mod
  Patch: https://git.openjdk.org/jdk/pull/10969.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/10969/head:pull/10969

PR: https://git.openjdk.org/jdk/pull/10969



More information about the security-dev mailing list