-
Bug
-
Resolution: Won't Fix
-
P3
-
None
-
None
This was noticed while investigating a related support call to disable RSA_EXPORT.
There is apparently no way to specify these EXPORT key exchange algs to the disabled list.
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
If you look at the SSLAlgorithmDecomposer, you will note that DH_anon_EXPORT, DHE_RSA_EXPORT, and DHE_DSS_EXPORT are not separate CipherSuite.KeyExchange enum types. RSA_EXPORT and KRB5_EXPORT work fine because they are found.
There is apparently no way to specify these EXPORT key exchange algs to the disabled list.
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
If you look at the SSLAlgorithmDecomposer, you will note that DH_anon_EXPORT, DHE_RSA_EXPORT, and DHE_DSS_EXPORT are not separate CipherSuite.KeyExchange enum types. RSA_EXPORT and KRB5_EXPORT work fine because they are found.
- relates to
-
JDK-8163237 Restrict the use of EXPORT cipher suites
-
- Resolved
-