[11u] [BACKOUT] JDK-8301379 Verify TLS_ECDH_* cipher suites cannot be negotiated

XMLWordPrintable

      After backporting JDK-8301379 to JDK-11 the folllowing tests fail:

      - javax/net/ssl/ciphersuites/DisabledAlgorithms.java: Check if weak cipher suites are disabled
      - javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Client: Verify that Java will not negotiate disabled cipher suites when the other side of the connection requests them.
      - javax/net/ssl/ciphersuites/TLSWontNegotiateDisabledCipherAlgos.java#Server: Verify that Java will not negotiate disabled cipher suites when the other side of the connection requests them.

      Fixing them will require to backport to JDK-11 at least the following test refactorings in JDK-17:

      - 8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
      - 8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
      - 8284047: Harmonize/Standardize the SSLSocket/SSLEngine/SSLSocketSSLEngine test templates

      For the time being the best course of action seems to be to backout JDK-8301379 until those other issues are backported.

        1. DisabledAlgorithms.jtr
          13 kB
        2. TLSWontNegotiateDisabledCipherAlgos_Client.jtr
          15 kB
        3. TLSWontNegotiateDisabledCipherAlgos_Server.jtr
          15 kB

            Assignee:
            Antonio Vieiro
            Reporter:
            Antonio Vieiro
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: