On Tue, 22 Mar 2022 12:28:14 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/CipherSuite.java line 425:
>> 
>>> 423:             ProtocolVersion.PROTOCOLS_TO_12,
>>> 424:             K_RSA, B_3DES, M_SHA, H_SHA256),
>>> 425: 
>> 
>> It is good to have the supported cipher suites ordered.  So it may be nice 
>> to have this block between line 348 and 349.
>
> Can you be more specific? I'm not following where you think they should be 
> ordered. Are you suggesting they should be ordered before the anon suites 
> even though most of them use stronger algorithms? Also, does the order matter 
> if the application is going to be setting them via APIs? For example, if an 
> application calls `SSLSocket.setEnabledCipherSuites(new String[] { 
> "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" 
> })` is the order specified respected? Or does the provider re-order it 
> according to this file?

In some situations, applications may set the supported cipher suites as the 
enabled cipher suites.  Therefore, the supported cipher suites are also ordered 
in the current implementation, even though not strictly.  Although 3DES suites 
are pretty weak, they may be better than anon suites in practice, I think.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7894
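
The pattern discussed in the reply above (an application enabling everything the provider supports), as an added example that is not part of the thread or of the JDK sources. It lists where 3DES and anon suites sit in the supported list, then enables the same list with those suites filtered out; the class name, helper names, and the inclusion of NULL-encryption suites are assumptions of this example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.List;

public class SuiteOrderAudit {
    // Name fragments for the suites the thread calls weak (3DES, anon).
    // NULL-encryption suites are added as an assumption of this example.
    static final String[] WEAK_MARKERS = { "_anon_", "_3DES_EDE_", "_WITH_NULL_" };

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    // Keep the order of the input list, drop the weak suites.
    static String[] withoutWeak(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            if (!isWeak(s)) kept.add(s);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] supported = engine.getSupportedCipherSuites();

        // Index of each weak suite within the provider's supported list.
        for (int i = 0; i < supported.length; i++) {
            if (isWeak(supported[i])) {
                System.out.printf("%3d  %s%n", i, supported[i]);
            }
        }

        // The pattern from the reply: enabled = supported.
        engine.setEnabledCipherSuites(supported);
        System.out.println("enabled (supported as-is): "
                + engine.getEnabledCipherSuites().length);

        // Hardened form: same order, weak suites removed before enabling.
        engine.setEnabledCipherSuites(withoutWeak(supported));
        System.out.println("enabled (filtered):        "
                + engine.getEnabledCipherSuites().length);
    }
}
```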
