  1. JDK
  2. JDK-8279164 Disable TLS_ECDH_* cipher suites
  3. JDK-8296476

Release Note: Disabled TLS_ECDH Cipher Suites


    • Sub-task
    • Resolution: Delivered
    • P3
    • 20
    • 8u431, 11.0.25-oracle, 17.0.13-oracle, 20
    • security-libs

        The TLS_ECDH cipher suites have been disabled by default, by adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLS_ECDH cipher suites do not preserve forward secrecy and are rarely used in practice. Note that some TLS_ECDH cipher suites were already disabled because they use algorithms that are disabled, such as 3DES and RC4. This action disables the rest. Any attempt to use cipher suites starting with "TLS_ECDH_" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.

        Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.
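
One way to confirm the setting on a given runtime, as an added example that is not part of the release note or the JDK sources. The class name `EcdhSuiteAudit` and its helper methods are hypothetical; only standard `java.security` and `javax.net.ssl` calls are used.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

// Added example (not JDK code): reports whether this runtime disables the
// static-ECDH TLS cipher suites described in the release note.
public class EcdhSuiteAudit {

    // True when the comma-separated property value has a bare "ECDH" entry.
    static boolean disablesEcdh(String propertyValue) {
        if (propertyValue == null) return false;
        return Arrays.stream(propertyValue.split(","))
                .map(String::trim)
                .anyMatch(entry -> entry.equalsIgnoreCase("ECDH"));
    }

    // Static-ECDH suites start with "TLS_ECDH_"; the ephemeral TLS_ECDHE_
    // suites do not match this prefix and are left alone.
    static List<String> staticEcdhSuites(String[] suites) {
        return Arrays.stream(suites)
                .filter(s -> s.startsWith("TLS_ECDH_"))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("jdk.tls.disabledAlgorithms = " + prop);
        System.out.println("\"ECDH\" entry present: " + disablesEcdh(prop));

        // Suites the default context offers without any application override.
        String[] enabled = SSLContext.getDefault()
                .getDefaultSSLParameters().getCipherSuites();
        List<String> leftover = staticEcdhSuites(enabled);
        System.out.println("TLS_ECDH_* suites enabled by default: " + leftover);

        long ecdhe = Arrays.stream(enabled)
                .filter(s -> s.startsWith("TLS_ECDHE_")).count();
        System.out.println("TLS_ECDHE_* suites enabled by default: " + ecdhe);

        // Non-zero exit lets a CI or fleet check flag the runtime.
        if (!disablesEcdh(prop) || !leftover.isEmpty()) System.exit(1);
    }
}
```

Run it with the same `java` binary and the same `-Djava.security.properties` override, if any, that the application uses, since an override file can change the effective property value.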

              mullan Sean Mullan
              mullan Sean Mullan