Hello Sean, Are the separate entries for 3DES and DES needed or can they also be collapsed?
BTW i am always unsre about the interactions of setting the Protocol and the enabled ciphers so I am in the habit to set the protocols before using getEnabled or setting enabled ciphers. I guess it makes no difference but for that reason I would move line 76 before 73 in the test. Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: security-dev <security-dev-boun...@openjdk.java.net> im Auftrag von Sean Mullan <sean.mul...@oracle.com> Gesendet: Thursday, February 20, 2020 2:01:59 PM An: security Dev OpenJDK <security-dev@openjdk.java.net> Betreff: [15] RFR: 8238560: Cleanup and consolidate algorithms in the jdk.tls.legacyAlgorithms security property Please review this change to cleanup and consolidate the default value of the jdk.tls.legacyAlgorithms security property. The following changes have been made: 1. Changed K_NULL, C_NULL, M_NULL to NULL, which will cover all null cipher suites. The *_NULL algorithms were implementation details and not compliant with the specification of the property. 2. Changed DH_anon, ECDH_anon to anon, which will cover all cipher suites using anonymous authentication. 3. Changed RC4_128, RC4_40 to RC4, which will cover all cipher suites using RC4 for encryption. 4. Changed DES_CBC, DES40_CBC to DES, which will cover all cipher suites using DES for encryption. I also added a new regression test. CSR: https://bugs.openjdk.java.net/browse/JDK-8239377 webrev: http://cr.openjdk.java.net/~mullan/webrevs/8238560/webrev.00/ Thanks, Sean
