> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to > disable algorithms that affect both the key exchange and authentication parts > of a TLS cipher suite. For example, if you add "RSA" to the > jdk.tls.disabledAlgorithms security property, it disables all cipher suites > that use RSA, whether it is for key exchange or authentication. If you only > want to disable cipher suites that use RSA for key exchange, the only > workaround is to list the whole cipher suite name, so an exact match is done, > but if there are many cipher suites that use that key exchange algorithm, > this becomes cumbersome.
Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 25 additional commits since the last revision: - Use atomic computeIfAbsent. Add more cipher suites to test. - Merge branch 'master' into JDK-8341964_regex - - Cache the patterns - Make matching case-sensitive - Update java.security documentation - Refactor the tests - "Cipher suites must start with TLS_" doc update - Update doc - Update the doc - DisabledAlgorithmConstraints already caches the results of checkAlgorithm call - Add cache of the wildcard matching results - Make matching case-insensitive. Compact the code. - 8341964: Add mechanism to disable different parts of TLS cipher suite - ... and 15 more: https://git.openjdk.org/jdk/compare/a7bf4d4a...98753b23 ------------- Changes: - all: https://git.openjdk.org/jdk/pull/21841/files - new: https://git.openjdk.org/jdk/pull/21841/files/fa693cb4..98753b23 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=21841&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=21841&range=03-04 Stats: 193673 lines in 1870 files changed: 120776 ins; 51171 del; 21726 mod Patch: https://git.openjdk.org/jdk/pull/21841.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/21841/head:pull/21841 PR: https://git.openjdk.org/jdk/pull/21841
