Hi Sean,

> -----Original Message-----
> Subject: Re: Allow to define the list of enabled named curves for EC cipher
> suites as Security Property
>
> On 8/19/19 7:33 AM, Christian Schaefer wrote:
> > Hi all,
> >
> > Today, the list of enabled named curves for EC cipher suites can be
> > specified as "System Property" (name of the system property is
> > jdk.tls.namedGroups) in JDK 8 and later. It seems like it cannot be
> > specified as "Security Property". So unlike jdk.tls.disabledAlgorithms
> > and jdk.certpath.disabledAlgorithms the property jdk.tls.namedGroups
> > cannot be specified in the security properties file (i.e.
> > lib/security/java.security).
>
> In JDK 14, we have added the ability to restrict named groups (and signature
> schemes) in the jdk.tls.disabledAlgorithms security property:
>
> https://bugs.openjdk.java.net/browse/JDK-8227445
>
> Does this address your concern?

Absolutely. Thanks a lot! Are there any plans to backport this to JDK 8?

> > Is there any chance to enhance this in a future version so that
> > jdk.tls.namedGroups can also be specified in the security properties
> > file or is there a reason which I don't see that explains why
> > jdk.tls.namedGroups can only be specified as System Property?
>
> There's no precise reason that I know of, but the default is typically
> sufficient and secure for most applications and the system property allows
> you to adjust it on a per-application basis. This is similar to the system
> properties for the enabled cipher suites:
> jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites.
>

Ok, perfect.

Thanks,
Christian.

> Thanks,
> Sean
>
