- Type: Bug
- Resolution: Unresolved
- Priority: P4
- Affects Version/s: 26
- Component/s: security-libs
- None
- Cause Known
The jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system properties allow a custom set of cipher suites to be used for the default JDK SSLContext.
If such properties specify cipher suites not supported by the JDK, then the JDK falls back to using the default cipher suite list (as if no property was specified). This seems like unexpected behavior. Should the JDK error out and throw an exception instead?
E.g., run a TLS client with -Djdk.tls.client.cipherSuites=TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
The above cipher suite is not supported by the default JSSE provider. The end result is a ClientHello handshake with all default enabled cipher suites.
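A startup check for the fallback described above, as an added example (not code from the JDK or from this issue): it compares the suites requested through jdk.tls.client.cipherSuites with what the default SSLContext's socket factory reports as supported and as enabled by default, and exits non-zero on a mismatch. The class name CipherSuiteConfigCheck and the plain comma-split parsing of the property are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Added example: fail fast when jdk.tls.client.cipherSuites did not take effect.
public class CipherSuiteConfigCheck {
    // RFC 5746 signalling value that JSSE lists alongside real suites; ignored here.
    static final String SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

    // Assumption: the property holds plain comma-separated names without quotes.
    static Set<String> parse(String property) {
        Set<String> names = new LinkedHashSet<>();
        if (property != null) {
            for (String s : property.split(",")) {
                if (!s.isBlank()) names.add(s.trim());
            }
        }
        return names;
    }

    // Returns human-readable problems; an empty list means the request was honoured.
    static List<String> check(Set<String> requested, String[] supported, String[] enabled) {
        List<String> problems = new ArrayList<>();
        Set<String> supportedSet = new HashSet<>(Arrays.asList(supported));
        for (String name : requested) {
            if (!supportedSet.contains(name)) problems.add("not supported by provider: " + name);
        }
        for (String name : enabled) {
            if (!name.equals(SCSV) && !requested.contains(name)) {
                problems.add("enabled but never requested: " + name);
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        Set<String> requested = parse(System.getProperty("jdk.tls.client.cipherSuites"));
        if (requested.isEmpty()) return; // property unset: JDK defaults are intended
        SSLSocketFactory f = SSLContext.getDefault().getSocketFactory();
        List<String> problems = check(requested, f.getSupportedCipherSuites(), f.getDefaultCipherSuites());
        problems.forEach(System.err::println);
        if (!problems.isEmpty()) System.exit(1);
    }
}
```

Run it with the same -Djdk.tls.client.cipherSuites value as the application, before any connection is opened, so a rejected list is caught at startup rather than discovered in a captured ClientHello.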
- links to
- Review(master): openjdk/jdk/28499