  1. JDK
  2. JDK-8280507

Disable DTLS 1.0


Details

    • behavioral
    • low
    • DTLSv1.0 will not be negotiated unless it is removed from the `jdk.tls.disabledAlgorithms` security property. The JDK also supports the more secure DTLSv1.2 protocol, which is enabled by default. There is a small risk that a handshake cannot be completed if either the client or the server does not support DTLSv1.2 or has not enabled it.
    • System or security property
    • JDK

    Description

      Summary

      Disable DTLS 1.0.

      Problem

      DTLS 1.0 has weakened over time and lacks support for stronger cipher suites. DTLS 1.0 correlates with version 1.1 of TLS, which has already been disabled by default in JDK 16. The IETF has deprecated this version of DTLS (along with TLS 1.0 and 1.1) in RFC 8996.

      Solution

      Disable DTLS 1.0 by default, by adding "DTLSv1.0" to the jdk.tls.disabledAlgorithms security property in the java.security configuration file. This will cause attempts to use DTLSv1.0 to fail with an SSLHandshakeException. Users can, at their own risk, re-enable the version by removing "DTLSv1.0" from the jdk.tls.disabledAlgorithms security property.
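To confirm that a given runtime actually has this default in effect, the following added example (not part of the CSR or the JDK sources; the class name `DtlsPolicyCheck` is hypothetical) reads the effective `jdk.tls.disabledAlgorithms` value and compares the protocols a default DTLS engine supports with those it enables.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added audit example; DtlsPolicyCheck is a hypothetical name, not a JDK class.
public class DtlsPolicyCheck {
    static final String LEGACY = "DTLSv1.0";

    // Split the property value on commas into trimmed entries.
    // Constraint entries such as "DH keySize < 1024" stay intact as one entry.
    static Set<String> disabledEntries(String value) {
        Set<String> out = new LinkedHashSet<>();
        if (value != null) {
            for (String entry : value.split(",")) {
                String e = entry.trim();
                if (!e.isEmpty()) out.add(e);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Effective value, including any override of the java.security file.
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        boolean listed = disabledEntries(prop).stream()
                .anyMatch(LEGACY::equalsIgnoreCase);

        // Default DTLS context: default key managers, trust managers and RNG.
        SSLContext ctx = SSLContext.getInstance("DTLS");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());

        System.out.println("jdk.tls.disabledAlgorithms lists " + LEGACY + ": " + listed);
        System.out.println("supported by the provider: " + supported);
        System.out.println("enabled by default:        " + enabled);

        // Fail the check if the legacy version is still negotiable by default.
        boolean ok = listed && !enabled.contains(LEGACY);
        System.out.println(ok ? "OK: " + LEGACY + " is disabled"
                              : "FINDING: " + LEGACY + " is not disabled on this runtime");
        System.exit(ok ? 0 : 1);
    }
}
```

A non-zero exit status indicates that the property has been edited or overridden, or that the runtime predates this change.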

      Specification

      Change to the java.security file:

      - jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
      -     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
      + jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
      +     MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
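Review bot: In the two added lines, inserting `DTLSv1.0` after `TLSv1.1` also pushes `MD5withRSA` from the first line onto the continuation line, so the hunk reads as a rewrite of the whole value although the only change is one new entry. Consider stating in the Specification that `DTLSv1.0` is the sole addition and that every other entry (`RC4`, `DES`, `MD5withRSA`, the `DH` and `EC` key-size limits, `3DES_EDE_CBC`, `anon`, `NULL`) is unchanged, so reviewers do not have to compare the two versions token by token.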

            People

              mullan Sean Mullan
              Bradford Wetmore, Haimay Chao, Xuelei Fan