Hi Bernd,
On 2/20/20 12:48 PM, Bernd Eckenfels wrote:
Hello Sean,
Are the separate entries for 3DES and DES needed or can they also be
collapsed?
DES will not match 3DES if that's what you mean, so yes the separate
entries are needed.
BTW I am always unsure about the interactions of setting the Protocol and
the enabled ciphers so I am in the habit of setting the protocols before
using getEnabled or setting enabled ciphers. I guess it makes no
difference but for that reason I would move line 76 before 73 in the test.
I don't think it matters, but I switched it in any case.
Also, your comment made me realize I missed testing a 3DES suite, so I
added "TLS_RSA_WITH_3DES_EDE_CBC_SHA" to the list of LEGACY_SUITES in
the test. It's a minor change, so I'm not posting another webrev.
--Sean
Regards
Bernd
--
http://bernd.eckenfels.net
------------------------------------------------------------------------
*From:* security-dev <security-dev-boun...@openjdk.java.net> on behalf
of Sean Mullan <sean.mul...@oracle.com>
*Sent:* Thursday, February 20, 2020 2:01:59 PM
*To:* security Dev OpenJDK <security-dev@openjdk.java.net>
*Subject:* [15] RFR: 8238560: Cleanup and consolidate algorithms in the
jdk.tls.legacyAlgorithms security property
Please review this change to clean up and consolidate the default value
of the jdk.tls.legacyAlgorithms security property. The following changes
have been made:
1. Changed K_NULL, C_NULL, M_NULL to NULL, which will cover all null
cipher suites. The *_NULL algorithms were implementation details and not
compliant with the specification of the property.
2. Changed DH_anon, ECDH_anon to anon, which will cover all cipher
suites using anonymous authentication.
3. Changed RC4_128, RC4_40 to RC4, which will cover all cipher suites
using RC4 for encryption.
4. Changed DES_CBC, DES40_CBC to DES, which will cover all cipher suites
using DES for encryption.
I also added a new regression test.
CSR: https://bugs.openjdk.java.net/browse/JDK-8239377
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8238560/webrev.00/
Thanks,
Sean
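
An added example, not part of the thread or the webrev: a small audit that reads jdk.tls.legacyAlgorithms from the running JVM and shows which cipher suite names each entry covers, including the point above that DES does not match 3DES. The class name, the SAMPLE list (constructed) and the token-matching rule are assumptions made for illustration; the rule is a simplification, not the JDK's own decomposition code.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

public class LegacySuiteAudit {
    // Constructed sample of standard JSSE suite names, so the output is
    // informative even on JDKs that no longer ship these suites.
    static final String[] SAMPLE = {
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_NULL_SHA256", "TLS_AES_128_GCM_SHA256"
    };

    // Assumed, simplified rule: an entry matches when it appears as whole
    // "_"-delimited tokens in the suite name, so "DES" never hits "3DES".
    static boolean matches(String entry, String suite) {
        String s = "_" + suite + "_";
        if (entry.equals("DES") && s.contains("_DES40_")) return true; // export-grade DES
        return s.contains("_" + entry + "_");
    }

    static List<String> matchedEntries(String[] entries, String suite) {
        List<String> hits = new ArrayList<>();
        for (String e : entries) {
            String entry = e.trim();
            if (!entry.isEmpty() && matches(entry, suite)) hits.add(entry);
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String prop = Security.getProperty("jdk.tls.legacyAlgorithms");
        System.out.println("jdk.tls.legacyAlgorithms = " + prop);
        String[] entries = (prop == null) ? new String[0] : prop.split(",");

        for (String suite : SAMPLE) {
            System.out.println(suite + " -> " + matchedEntries(entries, suite));
        }
        // Suites this JVM enables by default that fall under a legacy entry.
        String[] enabled =
            SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        for (String suite : enabled) {
            List<String> hits = matchedEntries(entries, suite);
            if (!hits.isEmpty()) {
                System.out.println("enabled legacy suite: " + suite + " " + hits);
            }
        }
    }
}
```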