RFR: 8245545: Disable TLS_RSA cipher suites [v4]
Artur Barashev
abarashev at openjdk.org
Wed Nov 20 15:50:21 UTC 2024
On Wed, 20 Nov 2024 14:46:21 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Remove the empty lines added
>
> test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java line 1:
>
>> 1: /*
>
> For this test, please add 8245545 to the `@bug` line because it is making sure that the TLS_RSA suites are disabled.
Done.
> test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java line 61:
>
>> 59:
>> 60: public static void main(String[] args) {
>> 61: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*");
>
> Add comment: // Re-enable TLS_RSA_* since test depends on it.
Done.
> test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java line 85:
>
>> 83:
>> 84: public static void main(String[] args) throws Exception {
>> 85: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*");
>
> Add comment: // Re-enable TLS_RSA_* since test depends on it.
Done.
> test/jdk/sun/security/ssl/ClientHandshaker/LengthCheckTest.java line 273:
>
>> 271: */
>> 272: public static void main(String args[]) throws Exception {
>> 273: // Re-enable TLSv1 since test depends on it.
>
> Update comment: s/TLSv1/TLSv1 and TLS_RSA_*/
Done.
> test/jdk/sun/security/ssl/EngineArgs/DebugReportsOneExtraByte.java line 103:
>
>> 101: System.out.println("Test Passed.");
>> 102: } else {
>> 103: // Re-enable TLSv1 since test depends on it
>
> Update comment: s/TLSv1/TLSv1 and TLS_RSA_*/
Done.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1850559830
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1850561029
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1850562526
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1850564045
PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1850565217
More information about the security-dev
mailing list