JDK-8280507

Disable DTLS 1.0


    • behavioral
    • low
    • DTLSv1.0 will not be negotiated unless it is removed from the `jdk.tls.disabledAlgorithms` security property. The JDK also supports the more secure DTLSv1.2 protocol and it is enabled by default. There is a small risk that a handshake could not be completed if either the client or the server does not support DTLSv1.2 or has not enabled it.
    • System or security property
    • JDK

      Summary

      Disable DTLS 1.0.

      Problem

      DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. DTLS 1.0 corresponds to version 1.1 of TLS, which has already been disabled by default in JDK 16. The IETF has deprecated this version of DTLS (along with TLS 1.0 and 1.1) in RFC 8996.

      Solution

      Disable DTLS 1.0 by default, by adding "DTLSv1.0" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. This will cause attempts to use DTLSv1.0 to fail with an SSLHandshakeException. Users can, at their own risk, re-enable the version by removing "DTLSv1.0" from the jdk.tls.disabledAlgorithms security property.
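
A runtime check for the behaviour described above, as an added example that is not part of the CSR or the JDK sources: it reads the effective `jdk.tls.disabledAlgorithms` value and shows what a DTLS engine does when an application enables only DTLSv1.0. The class name `DtlsPolicyCheck` is hypothetical; the exact exception message depends on the JDK build, so it is printed rather than assumed.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;

// Added example (hypothetical class name); not part of the JDK change itself.
public class DtlsPolicyCheck {

    // True if the effective jdk.tls.disabledAlgorithms value lists the protocol.
    // Security.getProperty returns the merged value, including any override
    // file supplied through -Djava.security.properties.
    static boolean isDisabledByPolicy(String protocol) {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) {
            return false;
        }
        return Arrays.stream(prop.split(","))
                .map(String::trim)
                .anyMatch(protocol::equalsIgnoreCase);
    }

    public static void main(String[] args) throws Exception {
        String legacy = "DTLSv1.0";
        System.out.println(legacy + " listed in jdk.tls.disabledAlgorithms: "
                + isDisabledByPolicy(legacy));

        SSLContext ctx = SSLContext.getInstance("DTLS");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);

        System.out.println("supported: " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled:   " + Arrays.toString(engine.getEnabledProtocols()));

        // Simulate an application that pins the legacy version only.
        engine.setEnabledProtocols(new String[] { legacy });
        try {
            engine.beginHandshake();
            System.out.println("WARNING: handshake started with only " + legacy + " enabled");
        } catch (SSLException e) {
            // The page states this surfaces as an SSLHandshakeException.
            System.out.println("rejected: " + e.getClass().getSimpleName()
                    + ": " + e.getMessage());
        }
    }
}
```

Running it on each deployed runtime shows whether a local `java.security` edit or override file has put DTLSv1.0 back in play.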

      Specification

      Change to the java.security file:

      - jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
      -     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
      + jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
      +     MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
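
Review bot: the `DTLSv1.0` entry added on the first `+` line arrives as a bare list edit, and the hunk shows no comment beside the property telling an operator that this entry is what makes DTLS 1.0 handshakes fail with an SSLHandshakeException, or that removing it re-enables the protocol. Suggest a short comment next to `jdk.tls.disabledAlgorithms`, or a pointer to the release note, that says so. Placing it directly after `TLSv1.1` keeps the protocol versions grouped ahead of the algorithm and key-size constraints, which reads well. The rewrap that moves `MD5withRSA` onto the continuation line makes both lines show as changed; comparing the `-` and `+` lists entry by entry, the only difference is the added `DTLSv1.0`, so the reflow is harmless.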

            mullan Sean Mullan
            Bradford Wetmore, Haimay Chao, Xuelei Fan