Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8283450

Remove 3DES from the default enabled cipher suites list

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 19
    • security-libs
    • None
    • behavioral
    • low
    • Hide
      The compatibility risk should be extremely low, since 3DES suites are rarely used and most servers are configured to negotiate stronger suites. Also, TLSv1.0 are 1.1 are already disabled by default and were more commonly used with 3DES suites. However, a 3DES based ciphersuite can re-enabled via the `setEnabledCipherSuites()` method of the `SSLSocket`, `SSLServerSocket` and `SSLEngine` classes.

      Alternatively, if an application is using the `HttpsURLConnection` class, it can use the `https.cipherSuites` system property to re-enable the ciphersuite.
      Show
      The compatibility risk should be extremely low, since 3DES suites are rarely used and most servers are configured to negotiate stronger suites. Also, TLSv1.0 are 1.1 are already disabled by default and were more commonly used with 3DES suites. However, a 3DES based ciphersuite can re-enabled via the `setEnabledCipherSuites()` method of the `SSLSocket`, `SSLServerSocket` and `SSLEngine` classes. Alternatively, if an application is using the `HttpsURLConnection` class, it can use the `https.cipherSuites` system property to re-enable the ciphersuite.
    • Other
    • Implementation

      Summary

      Remove TLS cipher suites that use 3DES from the default list of enabled cipher suites supported by the SunJSSE provider.

      Note that cipher suites using 3DES are already disabled by default in the jdk.tls.disabledAlgorithms security property. This change would go one step further and make them unavailable by default, even if removed from the jdk.tls.disabledAlgorithms security property.

      Problem

      Cipher suites using 3DES are weak and vulnerable to known attacks such as Sweet32 and should not be used in practice anymore. Per RFC 7525, implementations SHOULD NOT negotiate cipher suites that use algorithms offering less than 128 bits of security. The strength of 3DES is 112 bits, which is less than 128 bits of security.

      As noted in the Summary, 3DES suites are already disabled by default via the jdk.tls.disabledAlgorithms security property. This change provides additional defense-in-depth by making them unavailable in the default list at run time. An application that wants to use a 3DES suites will need to remove 3DES from the jdk.tls.disabledAlgorithms security property and explicitly configure the suite using an API such as SSLSocket::setEnabledCipherSuites().

      Solution

      Remove the following TLS cipher suites that use 3DES from the default list of enabled cipher suites:

      • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
      • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
      • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
      • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
      • SSL_RSA_WITH_3DES_EDE_CBC_SHA

      These cipher suites are still supported by the SunJSSE provider. However, they will no longer be enabled by default and must be configured in order to be enabled (see the Compatibility Risk section for more details).

      Specification

      This is an implementation change only. See the Solution section for the proposed changes.

            mullan Sean Mullan
            xuelei Xuelei Fan
            Xuelei Fan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: