Sub-task
Resolution: Delivered
P4
19
The following TLS cipher suites that use the obsolete 3DES algorithm have been removed from the default list of enabled cipher suites:
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA
Note that cipher suites using 3DES are already disabled by default in the `jdk.tls.disabledAlgorithms` security property. You may use these suites at your own risk by removing `3DES_EDE_CBC` from the `jdk.tls.disabledAlgorithms` security property and re-enabling the suites via the `setEnabledCipherSuites()` method of the `SSLSocket`, `SSLServerSocket` or `SSLEngine` classes. Alternatively, if an application is using the `HttpsURLConnection` class, the `https.cipherSuites` system property can be used to re-enable the suites.
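To confirm that a given runtime has not had 3DES switched back on through any of the three routes named above, a check along these lines can run at startup or in CI. This is an added example, not code from the JDK or from this release note; the class name `TripleDesAudit` and its helper methods are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical audit class (not part of the JDK): reports every place where a
// 3DES cipher suite could still be negotiated by this JVM.
public class TripleDesAudit {
    // Matches suite names such as SSL_RSA_WITH_3DES_EDE_CBC_SHA.
    static boolean is3des(String suite) {
        return suite.contains("_3DES_EDE_CBC_");
    }

    static List<String> only3des(String[] suites) {
        return Arrays.stream(suites).map(String::trim)
                .filter(TripleDesAudit::is3des).collect(Collectors.toList());
    }

    // True if jdk.tls.disabledAlgorithms still lists 3DES_EDE_CBC.
    static boolean blockedByPolicy() {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        return prop != null && Arrays.stream(prop.split(","))
                .map(String::trim).anyMatch("3DES_EDE_CBC"::equals);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = ctx.createSSLEngine();

        // Route 1: the security property that disables 3DES outright.
        boolean blocked = blockedByPolicy();
        // Route 2: suites enabled on a freshly created engine (the defaults).
        List<String> enabled = only3des(engine.getEnabledCipherSuites());
        // Route 3: the system property consulted by HttpsURLConnection.
        List<String> viaHttpsProp =
                only3des(System.getProperty("https.cipherSuites", "").split(","));

        System.out.println("3DES_EDE_CBC in jdk.tls.disabledAlgorithms: " + blocked);
        System.out.println("3DES suites enabled by default: " + enabled);
        System.out.println("3DES suites named in https.cipherSuites: " + viaHttpsProp);

        // Code that calls setEnabledCipherSuites() itself can filter the list
        // it passes in, so a stale hard-coded list cannot bring 3DES back.
        String[] filtered = Arrays.stream(engine.getEnabledCipherSuites())
                .filter(s -> !is3des(s)).toArray(String[]::new);
        engine.setEnabledCipherSuites(filtered);

        // Non-zero exit lets a CI job or startup script fail on a weakened config.
        if (!blocked || !enabled.isEmpty() || !viaHttpsProp.isEmpty()) System.exit(1);
    }
}
```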