Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8211883

Disable anon and NULL cipher suites

    XMLWordPrintable

Details

    Backports

      Description

        The TLS anon (anonymous) and NULL cipher suites are used rarely and have security weaknesses. Anonymous suites are vulnerable to man-in-the-middle attacks. NULL suites do not provide confidentiality. RFC 7525 (Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)" says: "Implementations MUST NOT negotiate the cipher suites with NULL encryption." TLS 1.3 has removed them.
         
        These suites are not enabled by default (i.e. they are not on the internal hardcoded list of ciphersuites that are available for TLS handshake), so an application has to explicitly enable them using an API or the "jdk.tls.client.cipherSuites" or "jdk.tls.server.cipherSuites" system properties. However, adding them to the "jdk.tls.disabledAlgorithms" security property adds an extra layer of protection should they be used accidentally or maliciously. This change is also consistent with prior crypto roadmap changes that have disabled insecure cipher suites.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213089 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213090 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213091 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213336 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213380 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213805 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213816 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8215173 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8215850 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8216913 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8218531 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8219305 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8220969 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8212823 Disable anon and NULL cipher suites

            • P3 - Major loss of function.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8217579 TLS_EMPTY_RENEGOTIATION_INFO_SCSV is disabled after 8211883

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8157035 Use stronger algorithms and keys for JSSE testing

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                mullan Sean Mullan
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: