RFR: 8245545: Disable TLS_RSA cipher suites
Artur Barashev
abarashev at openjdk.org
Tue Nov 19 17:00:56 UTC 2024
On Mon, 18 Nov 2024 21:36:32 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> These cipher suites do not preserve forward-secrecy and are not commonly used. Other TLS implementations (ex: Rustls) do not support or enable these suites by default. RFC 9325 [1] states that these suites should not be used. The IETF Draft "Deprecating Obsolete Key Exchange Methods in TLS" [2] mandates that these suites not be used.
>>
>> Some TLS_RSA_* cipher suites are already disabled because they use DES, 3DES, RC4, or NULL, which are disabled. This action will disable all remaining TLS_RSA cipher suites.
>>
>> [1] RFC 9325, Recommendations for Secure Use of TLS and DTLS (https://www.rfc-editor.org/rfc/rfc9325.html#section-4.1-2.5.1): "Implementations SHOULD NOT negotiate cipher suites based on RSA key transport, a.k.a. "static RSA". Rationale: These cipher suites, which have assigned values starting with the string "TLS_RSA_WITH_*", have several drawbacks, especially the fact that they do not support forward secrecy."
>> [2] IETF Draft, Deprecating Obsolete Key Exchange Methods in TLS (https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-05.html#section-4): "Clients MUST NOT offer and servers MUST NOT select RSA cipher suites in TLS 1.2 connections. (Note that TLS 1.0 and 1.1 are deprecated by [RFC8996], and TLS 1.3 does not support static RSA [RFC8446].)"
>
> test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java line 241:
>
>> 239:
>> 240: public static void main(String[] args) throws Exception {
>> 241: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*");
>
> This test verifies that only the enabled suites are what are expected, and we didn't accidentally re-enable a cipher suite. You should not be re-enabling any disabled suites. Instead remove TLS_RSA from the static String arrays.
Done. I think that's what I did in my other branch, but then decided to just disable TLS_RSA everywhere:
https://github.com/openjdk/jdk/pull/21911/files#diff-e60d5c4686491da1ba1ccd456053fcec9cffcaae304546235066d39b37fd96e0
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1848728938
More information about the security-dev
mailing list