RFR: 8341964: Add mechanism to disable different parts of TLS cipher suite [v13]

[Sean Mullan]

On Tue, 12 Nov 2024 19:11:48 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

>> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to disable algorithms that affect both the key exchange and authentication parts of a TLS cipher suite. For example, if you add "RSA" to the jdk.tls.disabledAlgorithms security property, it disables all cipher suites that use RSA, whether it is for key exchange or authentication. If you only want to disable cipher suites that use RSA for key exchange, the only workaround is to list the whole cipher suite name, so an exact match is done, but if there are many cipher suites that use that key exchange algorithm, this becomes cumbersome.
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Use exact needed capacity for patterns list

Looks good. Please update the copyright on test and I will approve.

test/jdk/sun/security/ssl/CipherSuite/AbstractDisableCipherSuites.java line 2:

> 1: /*
> 2:  * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.

We should include 2018 in this copyright since most of it was copied from `NoDesRC4DesEdeCiphSuite.java`, so:

`* Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.`

-------------

PR Review: https://git.openjdk.org/jdk/pull/21841#pullrequestreview-2430584197
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1838703184