-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
low
-
-
System or security property
-
JDK
Summary
Disable TLS_ECDH_* cipher suites by default.
Problem
The TLS_ECDH_* cipher suites do not preserve forward-secrecy and are rarely used in practice. Other TLS implementations (ex: Chrome, Firefox) do not enable these suites. The successor of RFC 7525 [1] (which has been submitted to IESG for Publication as an RFC) recommends that these suites not be used.
Note that some TLS_ECDH_* cipher suites are currently disabled because they use algorithms that are disabled, such as 3DES and RC4. This action will disable the rest.
TLS_ECDH_* cipher suites are supported in TLS 1.0, 1.1, 1.2, and DTLS 1.0, 1.2. They are not supported in TLS 1.3. TLS 1.0, 1.1 and DTLS 1.0 are already disabled by default.
[1] https://www.ietf.org/archive/id/draft-ietf-uta-rfc7525bis-11.html#name-general-guidelines (see 6th bullet starting with "Implementations SHOULD NOT negotiate cipher suites based on non-ephemeral (static) finite-field Diffie-Hellman key agreement.")
Solution
Disable TLS_ECDH_* cipher suites by adding "ECDH" to the jdk.tls.disabledAlgorithms
security property in the java.security
configuration file. This will cause attempts to use TLS_ECDH_* cipher suites to fail with a SSLHandshakeException
with the error message "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)". Users can, at their own risk, re-enable the suites by removing "ECDH" from the jdk.tls.disabledAlgorithms
security property.
Specification
Change to the java.security
file:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
# rsa_pkcs1_sha1, secp224r1
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
- MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+ MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+ ECDH
- csr of
-
JDK-8279164 Disable TLS_ECDH_* cipher suites
- Resolved
- relates to
-
JDK-8224559 Add RFC8410 certificate and TLS ECDH support for x25519/x448
- Open