RFR: 8279164: Disable TLS_ECDH_* cipher suites [v3]
Bradford Wetmore
wetmore at openjdk.org
Fri Nov 4 21:07:45 UTC 2022
On Fri, 4 Nov 2022 13:12:34 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> This change will disable TLS_ECDH_* cipher suites by default. These cipher suites do not preserve forward secrecy and are rarely used in practice. See the CSR for more details and rationale.
>>
>> Users will still be able to enable the suites (at their own risk) by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.
>
> Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
>
> Fix "screcy" typos.
Thanks.
-------------
PR: https://git.openjdk.org/jdk/pull/10969
More information about the security-dev
mailing list