Integrated: 8341964: Add mechanism to disable different parts of TLS cipher suite
Artur Barashev
abarashev at openjdk.org
Thu Nov 14 17:47:38 UTC 2024
On Fri, 1 Nov 2024 18:06:30 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to disable algorithms that affect both the key exchange and authentication parts of a TLS cipher suite. For example, if you add "RSA" to the jdk.tls.disabledAlgorithms security property, it disables all cipher suites that use RSA, whether it is for key exchange or authentication. If you only want to disable cipher suites that use RSA for key exchange, the only workaround is to list the whole cipher suite name, so an exact match is done, but if there are many cipher suites that use that key exchange algorithm, this becomes cumbersome.
This pull request has now been integrated.
Changeset: 697f27c5
Author: Artur Barashev <abarashev at openjdk.org>
Committer: Sean Mullan <mullan at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/697f27c5d53dbe275685b87c8ed1bcfe4da6e4d0
Stats: 775 lines in 6 files changed: 506 ins; 254 del; 15 mod
8341964: Add mechanism to disable different parts of TLS cipher suite
Reviewed-by: mullan, ascarpino
-------------
PR: https://git.openjdk.org/jdk/pull/21841
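
The behaviour described in the quoted PR text can be observed with the sketch below. It is an added example, not code from the pull request or the JDK. It appends "RSA" to jdk.tls.disabledAlgorithms and reports, for a constructed sample of standard suite names, where RSA appears in each name and whether the default TLS context still offers the suite. The class name, the sample list and the name-parsing helper are assumptions of this example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class RsaBlastRadius {
    // Constructed sample of standard cipher suite names; not taken from the PR.
    static final List<String> SAMPLE = List.of(
        "TLS_RSA_WITH_AES_128_GCM_SHA256",          // RSA key exchange
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",      // DHE key exchange, RSA authentication
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",    // ECDHE key exchange, RSA authentication
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",  // no RSA component
        "TLS_AES_128_GCM_SHA256");                  // TLS 1.3 name: no key exchange/auth part

    // Reads the TLS_<kx>[_<auth>]_WITH_<cipher> naming convention.
    // This parsing is a simplification made by this example, not the JDK's own logic.
    static String rsaRole(String suite) {
        int with = suite.indexOf("_WITH_");
        if (with < 0) return "none (TLS 1.3 name)";
        List<String> parts = Arrays.asList(suite.substring(4, with).split("_"));
        if (!parts.contains("RSA")) return "none";
        return parts.size() == 1 ? "key exchange" : "authentication only";
    }

    public static void main(String[] args) throws Exception {
        // Set the property before any JSSE class is touched, so that the
        // modified value is the one JSSE reads. Existing entries are kept.
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        Security.setProperty("jdk.tls.disabledAlgorithms",
            (current == null || current.isBlank()) ? "RSA" : current + ", RSA");

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));

        for (String suite : SAMPLE) {
            System.out.printf("%-42s RSA role: %-22s offered: %b%n",
                suite, rsaRole(suite), supported.contains(suite));
        }
    }
}
```

To compare against the workaround the PR text mentions, replace the appended "RSA" entry with the full names of the suites whose RSA role is "key exchange".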