On Tue, 5 Nov 2024 21:36:12 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>>   "Cipher suites must start with TLS_" doc update
>
> src/java.base/share/conf/security/java.security line 780:
>
>> 778: # syntax of the disabled algorithm string. Additionally, TLS cipher suites
>> 779: # can be disabled here using "*" wildcard syntax. For example "TLS_RSA_*"
>> 780: # disables all cipher suites that start with "TLS_RSA_". Only the algorithms
>
> s/the algorithms/cipher suites/
> s/have/have a/
>
> Can you only have one wildcard and must it have nothing after it? If so, we should also state those constraints.

- Will do. I actually used `algorithms` specifically to avoid confusion since the property is called `jdk.tls.disabledAlgorithms`. But I guess `cipher suites` works well too given the context.
- About using only one wildcard: we actually currently allow pretty much full regex syntax as long as at least one "*" is present, we only replace "*" with ".*" internally. One wildcard may not be enough to disable some cipher suites in the future. I will update the description that multiple wildcards are allowed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1830051016
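
The wildcard handling described in the reply above, as an added Java illustration (not code from the PR or the JDK): `loose` applies only the "*" to ".*" replacement the reply describes, and `strict` is a hypothetical alternative that quotes everything else, shown for comparison. The class and method names, the whole-name matching, and the constructed suite list and patterns are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class DisabledSuiteWildcards {
    // As described in the reply: only "*" is rewritten to ".*", so every
    // other character in the entry keeps its regex meaning.
    static Pattern loose(String entry) {
        return Pattern.compile(entry.replace("*", ".*"));
    }

    // Hypothetical stricter translation (assumption, for comparison only):
    // literal pieces are quoted, so "*" is the only special character.
    static Pattern strict(String entry) {
        String[] parts = entry.split("\\*", -1);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append(".*");
            sb.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(sb.toString());
    }

    // Assumption: a pattern disables a suite only if it matches the whole name.
    static List<String> disabled(Pattern p, List<String> suites) {
        return suites.stream()
                     .filter(s -> p.matcher(s).matches())
                     .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample: standard suite names chosen for the demonstration.
        List<String> suites = List.of(
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256");
        // Constructed entries: one wildcard, two wildcards, regex alternation.
        List<String> entries = List.of(
            "TLS_RSA_*", "TLS_*_CBC_*", "TLS_(RSA|AES)_*");
        for (String e : entries) {
            System.out.println(e);
            System.out.println("  loose : " + disabled(loose(e), suites));
            System.out.println("  strict: " + disabled(strict(e), suites));
        }
    }
}
```

The first two entries give the same result under both translations; the third differs because the loose translation treats `(RSA|AES)` as regex alternation while the strict one treats it as literal text.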