-
Sub-task
-
Resolution: Delivered
-
P3
-
8u431, 11.0.25-oracle, 17.0.13-oracle, 20
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8339091 | 17.0.13-oracle | Marc Palmerjohnson | P3 | Resolved | Delivered | |
| JDK-8339092 | 11.0.25-oracle | Marc Palmerjohnson | P3 | Resolved | Delivered | |
| JDK-8339093 | 8u431 | Marc Palmerjohnson | P3 | Resolved | Delivered |
The TLS_ECDH cipher suites have been disabled by default, by adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLS_ECDH cipher suites do not preserve forward-secrecy and are rarely used in practice. Note that some TLS_ECDH cipher suites were already disabled because they use algorithms that are disabled, such as 3DES and RC4. This action disables the rest. Any attempts to use cipher suites starting with "TLS_ECDH_" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.
Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.
Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-