-
Bug
-
Resolution: Fixed
-
P4
-
11.0.25, 17.0.13
-
b01
-
b01
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8334625 | 11.0.25 | Martin Doerr | P4 | Resolved | Fixed | b01 |
In trunk, the JDK-8279164 change to test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java is as follows:
- // supported 3DES, DES, RC4, NULL, and anon cipher suites
- // it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] desede_des_rc4_null_anon_ciphersuites
+ // disabled 3DES, DES, RC4, NULL, anon, and ECDH cipher suites
+ private static final String[] disabled_ciphersuites
and
@@ -109,7 +108,19 @@ public class DisabledAlgorithms {
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
- "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
In backporting to 17u, changes related to 3DES fromJDK-8163327 have been incorporated that don't belong in this fix.
- // supported RC4, NULL, and anon cipher suites
- // it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] rc4_null_anon_ciphersuites = new String[] {
+ // disabled 3DES, DES, RC4, NULL, anon, and ECDH cipher suites
+ private static final String[] disabled_ciphersuites
+ = new String[] {
and
- "TLS_ECDH_anon_WITH_RC4_128_SHA"
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
The 17u version has been used as the basis for the 11u one so this is affected too.
- // supported 3DES, DES, RC4, NULL, and anon cipher suites
- // it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] desede_des_rc4_null_anon_ciphersuites
+ // disabled 3DES, DES, RC4, NULL, anon, and ECDH cipher suites
+ private static final String[] disabled_ciphersuites
and
@@ -109,7 +108,19 @@ public class DisabledAlgorithms {
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
- "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
In backporting to 17u, changes related to 3DES from
- // supported RC4, NULL, and anon cipher suites
- // it does not contain KRB5 cipher suites because they need a KDC
- private static final String[] rc4_null_anon_ciphersuites = new String[] {
+ // disabled 3DES, DES, RC4, NULL, anon, and ECDH cipher suites
+ private static final String[] disabled_ciphersuites
+ = new String[] {
and
- "TLS_ECDH_anon_WITH_RC4_128_SHA"
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
The 17u version has been used as the basis for the 11u one so this is affected too.
- backported by
-
JDK-8334625 [TESTBUG] Backport of 8279164 to 11u & 17u includes elements of JDK-8163327
- Resolved
- relates to
-
JDK-8333998 Disable TLS_ECDH_* cipher suites
- Resolved
-
JDK-8334194 Disable TLS_ECDH_* cipher suites
- Resolved
- links to
-
Commit openjdk/jdk11u-dev/fcff4a9a
-
Commit openjdk/jdk17u-dev/5c3fc1d7
-
Review openjdk/jdk11u-dev/2798
-
Review openjdk/jdk17u-dev/2593
(2 links to)