On Tue, 5 Nov 2024 17:40:46 GMT, Artur Barashev <[email protected]> wrote:
>> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to
>> disable algorithms that affect both the key exchange and authentication
>> parts of a TLS cipher suite. For example, if you add "RSA" to the
>> jdk.tls.disabledAlgorithms security property, it disables all cipher suites
>> that use RSA, whether it is for key exchange or authentication. If you only
>> want to disable cipher suites that use RSA for key exchange, the only
>> workaround is to list the whole cipher suite name, so an exact match is
>> done, but if there are many cipher suites that use that key exchange
>> algorithm, this becomes cumbersome.
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
> "Cipher suites must start with TLS_" doc update
src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java line 118:
> 116: if (!pattern.toUpperCase(Locale.ENGLISH).startsWith("TLS_")) {
> 117:     throw new IllegalArgumentException(
> 118:         "Wildcard pattern should start with 'TLS_'");
s/should/must/
test/jdk/sun/security/ssl/CipherSuite/NoDesRC4DesEdeCiphSuite.java line 46:
> 44: import java.util.Arrays;
> 45:
> 46: public class NoDesRC4DesEdeCiphSuite {
I suggest making a new abstract class with the general test methods, and then
making this a subclass of it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1831062655
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1831081744