On Tue, 5 Nov 2024 17:40:46 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

>> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to 
>> disable algorithms that affect both the key exchange and authentication 
>> parts of a TLS cipher suite. For example, if you add "RSA" to the 
>> jdk.tls.disabledAlgorithms security property, it disables all cipher suites 
>> that use RSA, whether it is for key exchange or authentication. If you only 
>> want to disable cipher suites that use RSA for key exchange, the only 
>> workaround is to list the whole cipher suite name, so an exact match is 
>> done, but if there are many cipher suites that use that key exchange 
>> algorithm, this becomes cumbersome.
>
> Artur Barashev has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   "Cipher suites must start with TLS_" doc update

Changes requested by mullan (Reviewer).

src/java.base/share/conf/security/java.security line 779:

> 777: # See the specification of "jdk.certpath.disabledAlgorithms" for the
> 778: # syntax of the disabled algorithm string. Additionally, TLS cipher suites
> 779: # can be disabled here using "*" wildcard syntax. For example "TLS_RSA_*"

Suggest not using "here" and instead say "with this property", ex: "... can be 
disabled with this property using ..."

src/java.base/share/conf/security/java.security line 780:

> 778: # syntax of the disabled algorithm string. Additionally, TLS cipher 
> suites
> 779: # can be disabled here using "*" wildcard syntax. For example "TLS_RSA_*"
> 780: # disables all cipher suites that start with "TLS_RSA_". Only the algorithms

s/the algorithms/cipher suites/
s/have/have a/

Can you only have one wildcard and must it have nothing after it? If so, we 
should also state those constraints.

-------------

PR Review: https://git.openjdk.org/jdk/pull/21841#pullrequestreview-2416743130
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1830031486
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1830033235
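A small model of the matching rules the PR description and the quoted java.security comment describe, added here as an illustration in Python (it is not the JDK's own implementation): a bare algorithm name such as "RSA" disables every suite that uses it for key exchange or authentication, a full suite name matches exactly, and "TLS_RSA_*" disables every suite with that prefix. It assumes, as the review asks whether the doc should state, that a pattern holds a single wildcard and only at the end, and it ignores the property's other constraint forms (key sizes, protocol versions); the suite list is constructed sample data.

```python
# Illustrative model (not JDK code) of the jdk.tls.disabledAlgorithms rules
# the PR describes. Assumption: a wildcard pattern has one "*", at the end.
# Constructed sample of suite names in the JSSE naming convention.
SUITES = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_AES_128_GCM_SHA256",  # TLS 1.3: no key exchange/auth in the name
]

def kex_auth(suite):
    """(key exchange, authentication) from the part before '_WITH_':
    TLS_RSA_WITH_... -> ('RSA', 'RSA'); TLS_ECDHE_RSA_WITH_... -> ('ECDHE', 'RSA').
    TLS 1.3 names carry neither, so they return ()."""
    if "_WITH_" not in suite:
        return ()
    parts = suite[len("TLS_"):].split("_WITH_", 1)[0].split("_")
    return (parts[0], parts[0]) if len(parts) == 1 else (parts[0], parts[1])

def parse_pattern(token):
    """Classify one comma-separated entry of the property value."""
    if "*" in token:
        # Assumed constraint: exactly one "*", only as the last character.
        if token.count("*") != 1 or not token.endswith("*") or not token.startswith("TLS_"):
            raise ValueError(f"unsupported wildcard pattern: {token!r}")
        return ("prefix", token[:-1])
    if token.startswith("TLS_"):
        return ("exact", token)  # full suite name: exact match only
    return ("algorithm", token)  # bare name: hits key exchange OR authentication

def is_disabled(suite, disabled_algorithms):
    for token in disabled_algorithms.split(","):
        token = token.strip()
        if not token:
            continue
        kind, value = parse_pattern(token)
        if kind == "prefix" and suite.startswith(value):
            return True
        if kind == "exact" and suite == value:
            return True
        if kind == "algorithm" and value in kex_auth(suite):
            return True
    return False

def enabled_suites(disabled_algorithms, suites=SUITES):
    """Suites left enabled after applying the property value."""
    return [s for s in suites if not is_disabled(s, disabled_algorithms)]
```

Comparing `enabled_suites("RSA")` with `enabled_suites("TLS_RSA_*")` shows the difference the PR is after: the bare name also removes the ECDHE_RSA and DHE_RSA suites, the prefix form removes only RSA key exchange.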
