Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8163327 Remove 3DES from the default enabled cipher suites list
  3. JDK-8283569

Release Note: TLS Cipher Suites using 3DES Removed from the Default Enabled List

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: P4
    • Resolution: Delivered
    • Affects Version/s: 19
    • Fix Version/s: 19
    • Component/s: security-libs
    • Labels:

      Description

      The following TLS cipher suites that use the obsolete 3DES algorithm have been removed from the default list of enabled cipher suites:

       - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
       - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
       - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
       - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
       - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
       - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
       - SSL_RSA_WITH_3DES_EDE_CBC_SHA

      Note that cipher suites using 3DES are already disabled by default in the `jdk.tls.disabledAlgorithms` security property. You may use these suites at your own risk by removing 3DES_EDE_CBC from the `jdk.tls.disabledAlgorithms` security property and re-enabling the suites via the `setEnabledCipherSuites()` method of the `SSLSocket`, `SSLServerSocket` or `SSLEngine` classes. Alternatively, if an application is using the `HttpsURLConnection` class, the `https.cipherSuites` system property can be used to re-enable the suites.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: