On Thu, 3 Nov 2022 20:39:52 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> This change will disable TLS_ECDH_* cipher suites by default. These cipher 
>> suites do not preserve forward secrecy and are rarely used in practice. See 
>> the CSR for more details and rationale.
>> 
>> Users will still be able to enable the suites (at their own risk) by 
>> removing "ECDH" from the `jdk.tls.disabledAlgorithms` security property.
>
> Sean Mullan has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains two additional 
> commits since the last revision:
> 
>  - Merge
>  - Initial revision.

LGTM other than the typos.

test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java line 85:

> 83:         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
> 84: 
> 85:         // AES_256(GCM) - not forward screcy

Can you please fix the rest of the"screcy" typos in this file?

-------------

Marked as reviewed by wetmore (Reviewer).

PR: https://git.openjdk.org/jdk/pull/10969

Reply via email to