JDK-8279164

Disable TLS_ECDH_* cipher suites


These cipher suites do not preserve forward secrecy and are rarely used in practice. Other TLS implementations (e.g., Chrome, Mozilla) do not enable these suites. The successor of RFC 7525 [1] recommends that these suites not be used. This draft has been submitted to the IESG for publication as an RFC.

Some TLS_ECDH_* cipher suites are already disabled because they use 3DES, RC4, anon, or NULL, which are disabled. This action will disable all remaining ECDH cipher suites.

[1] https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-11.html#name-general-guidelines (see the 6th bullet, starting with "Implementations SHOULD NOT negotiate cipher suites based on non-ephemeral (static) finite-field Diffie-Hellman key agreement.")
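To check whether a given Java runtime still enables any of these suites by default, the following audit program can be run against it. It is an added example, not code from the JDK change itself; the class name `StaticEcdhAudit` and its helper methods are hypothetical, and it assumes the standard `jdk.tls.disabledAlgorithms` security property, which this issue does not mention by name.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

public class StaticEcdhAudit {

    // Static ECDH suites are named TLS_ECDH_<auth>_WITH_...; the ephemeral
    // TLS_ECDHE_* suites do not share the "TLS_ECDH_" prefix.
    static boolean isStaticEcdh(String suite) {
        return suite.startsWith("TLS_ECDH_");
    }

    static List<String> staticEcdh(String[] suites) {
        return Arrays.stream(suites)
                .filter(StaticEcdhAudit::isStaticEcdh)
                .sorted()
                .collect(Collectors.toList());
    }

    // True if the comma-separated property value has a bare "ECDH" entry.
    static boolean listsEcdh(String property) {
        if (property == null) return false;
        return Arrays.stream(property.split(","))
                .map(String::trim)
                .anyMatch("ECDH"::equalsIgnoreCase);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        List<String> enabled = staticEcdh(ctx.getDefaultSSLParameters().getCipherSuites());
        List<String> supported = staticEcdh(ctx.getSupportedSSLParameters().getCipherSuites());
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");

        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms lists ECDH: " + listsEcdh(disabled));
        System.out.println("static ECDH suites reported as supported: " + supported);
        System.out.println("static ECDH suites enabled by default: " + enabled);

        // Non-zero exit lets a build or deployment check fail on a runtime
        // that would still negotiate a static ECDH suite by default.
        System.exit(enabled.isEmpty() ? 0 : 1);
    }
}
```

The program inspects only the default `SSLContext`; an application that sets its own cipher suite list on a socket or engine needs the same check applied to that list.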

              mullan Sean Mullan