RFR: 8341964: Add mechanism to disable different parts of TLS cipher suite [v6]
Artur Barashev
abarashev at openjdk.org
Fri Nov 8 20:53:50 UTC 2024
On Fri, 8 Nov 2024 20:35:03 GMT, Lothar Kimmeringer <duke at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Ignore all regex characters but asterisk. Update test patterns.
>
> test/jdk/sun/security/ssl/CipherSuite/TLSCipherSuiteWildCardMatchingDisablePartsOfCipherSuite.java line 44:
>
>> 42: private static final String SECURITY_PROPERTY = "jdk.tls.disabledAlgorithms";
>> 43: private static final String TEST_ALGORITHMS =
>> 44: "TLS_RSA_*, TLS_ECDH*WITH_AES_256_GCM_*, TLS_*_anon_WITH_AES_*_SHA";
>
> Maybe add another pattern that contains other regex-characters to test that it doesn't lead to an error and that the chars are handled as part of the pattern, e.g. `TLS_.*`. If it's interpreted as regex this should disable all ciphers (internally converted to `TLS_..*`). Handled "literally" it would only disable all ciphers starting with `TLS_.` (i.e. none).
Yes, good idea.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1835044981
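
Added example, not part of the original message and not the JDK's implementation: it contrasts the two readings of `TLS_.*` discussed above, where a regex reading disables every listed suite and a literal reading disables none. The class and method names (`WildcardLiteralDemo`, `naive`, `literal`, `disabledCount`) are hypothetical, and the suite list is a sample assembled for this example.

```java
import java.util.List;
import java.util.regex.Pattern;

public class WildcardLiteralDemo {
    // Rewrites only '*'; every other regex metacharacter stays active,
    // so "TLS_.*" becomes the regex "TLS_..*".
    static Pattern naive(String wildcard) {
        return Pattern.compile(wildcard.replace("*", ".*"));
    }

    // Treats '*' as the sole wildcard and quotes everything between asterisks,
    // so '.' (and any other metacharacter) only matches itself.
    static Pattern literal(String wildcard) {
        StringBuilder regex = new StringBuilder();
        String[] parts = wildcard.split("\\*", -1); // -1 keeps trailing empty parts
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) regex.append(".*");
            if (!parts[i].isEmpty()) regex.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(regex.toString());
    }

    // Number of suites a pattern would disable (whole-name match).
    static long disabledCount(Pattern p, List<String> suites) {
        return suites.stream().filter(s -> p.matcher(s).matches()).count();
    }

    public static void main(String[] args) {
        // Sample suite names assembled for this example.
        List<String> suites = List.of(
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
            "TLS_AES_128_GCM_SHA256");
        for (String pat : List.of("TLS_RSA_*", "TLS_.*")) {
            System.out.printf("%-10s naive=%d literal=%d%n", pat,
                disabledCount(naive(pat), suites),
                disabledCount(literal(pat), suites));
        }
    }
}
```

A regression test along these lines guards against a typo-like pattern in `jdk.tls.disabledAlgorithms` silently disabling far more suites than intended.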