Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8163327

Remove 3DES from the default enabled cipher suites list

    XMLWordPrintable

Details

    Description

      Per RFC 7525, implementations SHOULD NOT negotiate cipher suites that use algorithms offering less than 128 bits of security. The strength of 3DES is 112 bits, which is less than 128 bits of security.

      Cipher suites using 3DES are already disabled by default via the jdk.tls.disabledAlgorithms security property. This change would go one step further and not make them available by default, even if removed from the jdk.tls.disabledAlgorithms security property.

      Attachments

        Issue Links

          csr for

          CSR - null JDK-8283450 Remove 3DES from the default enabled cipher suites list

          • P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. JDK-8165712 Grant permission to read specific properties instead of all to the jdk.crypto.ucrypto module

          • P3 - Major loss of function.
          • Resolved
          links to

          Commit Commit openjdk/jdk/138460c0

          Review Review openjdk/jdk/7894

          Activity

            People

              mullan Sean Mullan
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: