Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8208350 Disable all DES cipher suites
  3. JDK-8209658

Release Note: Disabled All DES TLS Cipher Suites

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • P3
    • Resolution: Delivered
    • 6u211, 7u201, 8u191, 11.0.1, 12
    • 12
    • security-libs

    Backports

      Description

        DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "DES" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

        Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the `jdk.tls.disabledAlgorithms` security property.

        Attachments

          Issue Links

            Activity

              People

                jnimeh Jamil Nimeh
                jnimeh Jamil Nimeh
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: