- Bug
- Resolution: Fixed
- P3
- None
- b12
- Verified
The definition of the jdk.tls.legacyAlgorithms security property states that:
# The LegacyAlgorithm can be one of the following standard algorithm names:
# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
# 2. JSSE key exchange algorithm name, e.g., RSA
# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
# 4. JSSE message digest algorithm name, e.g., SHA
However, the default setting includes several algorithms that are not standard as defined above:
K_NULL, C_NULL, M_NULL
The reason for this is that the TLS cipher suite names don't distinguish between a NULL key exchange algorithm, cipher, or MAC. "NULL" is used for each of these, so the values above allow you to distinguish between them and, if you choose, disable only some or all of them. But the values above are implementation details, and by using them, there is more risk that something else that is not necessarily weak might be disabled.
I think that the best fix is to simply replace these values with "NULL" as all of the NULL suites are weak. This is what we already did in the jdk.tls.disabledAlgorithms property.
Also, several other algorithms can be combined and consolidated using more general names. See the CSR for more details.
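The following is an added example, not code from the JDK or from this bug report. It audits the running JDK's jdk.tls.legacyAlgorithms value for the three non-standard tokens named above and shows which position "NULL" occupies in each supported cipher suite name. The class name LegacyAlgorithmsAudit and its helpers are hypothetical, and Java 11 or later is assumed.

```java
import java.security.Security;
import java.util.*;
import javax.net.ssl.SSLContext;

// Added example: audits jdk.tls.legacyAlgorithms on the running JDK.
public class LegacyAlgorithmsAudit {
    // Implementation-specific tokens named in the bug report.
    static final Set<String> NON_STANDARD = Set.of("K_NULL", "C_NULL", "M_NULL");

    // Splits a property value such as "K_NULL, C_NULL, M_NULL" into tokens.
    static List<String> tokens(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;          // property not set
        for (String t : value.split(",")) {
            if (!t.isBlank()) out.add(t.trim());
        }
        return out;
    }

    // Reports which parts of a suite name are NULL, using this example's own
    // labels: K (key exchange), C (cipher), M (MAC). Names without "_WITH_"
    // (TLS 1.3 suites, SCSV markers) return "".
    static String nullParts(String suite) {
        int i = suite.indexOf("_WITH_");
        if (i < 0) return "";
        String kx = suite.substring(suite.indexOf('_') + 1, i); // after TLS_/SSL_
        String rest = suite.substring(i + "_WITH_".length());
        int j = rest.lastIndexOf('_');
        String cipher = j < 0 ? rest : rest.substring(0, j);
        String mac = j < 0 ? "" : rest.substring(j + 1);
        StringBuilder sb = new StringBuilder();
        if (kx.equals("NULL")) sb.append('K');
        if (cipher.equals("NULL")) sb.append('C');
        if (mac.equals("NULL")) sb.append('M');
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        for (String t : tokens(Security.getProperty("jdk.tls.legacyAlgorithms"))) {
            if (NON_STANDARD.contains(t)) System.out.println("non-standard token: " + t);
        }
        for (String s : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            String parts = nullParts(s);
            if (!parts.isEmpty()) System.out.println(s + " -> NULL in " + parts);
        }
    }
}
```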
- csr for: JDK-8239377 Cleanup and consolidate algorithms in the jdk.tls.legacyAlgorithms security property (Closed)