Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8279164 Disable TLS_ECDH_* cipher suites
  3. JDK-8296476

Release Note: Disabled TLS_ECDH Cipher Suites

    XMLWordPrintable

Details

    • Sub-task
    • Resolution: Delivered
    • P3
    • 20
    • 20
    • security-libs

    Description

      The TLS_ECDH cipher suites have been disabled by default, by adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file. The TLS_ECDH cipher suites do not preserve forward-secrecy and are rarely used in practice. Note that some TLS_ECDH cipher suites were already disabled because they use algorithms that are disabled, such as 3DES and RC4. This action disables the rest. Any attempts to use cipher suites starting with "TLS_ECDH_" will fail with an `SSLHandshakeException`. Users can, at their own risk, re-enable these cipher suites by removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.

      Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default.

      Attachments

        Activity

          People

            mullan Sean Mullan
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: