changeset 17437:bbc29a64ac45

8163237: Restrict the use of EXPORT cipher suites Reviewed-by: mullan, igerasim, rhalade, jnimeh
author xuelei
date Tue, 31 Oct 2017 01:00:12 +0000
parents b58bf3ec7a15
children 07e43269c710
files src/java.base/share/conf/security/java.security test/sun/security/ssl/ClientHandshaker/RSAExport.java
diffstat 2 files changed, 2 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/conf/security/java.security	Wed Oct 18 11:02:47 2017 +0800
+++ b/src/java.base/share/conf/security/java.security	Tue Oct 31 01:00:12 2017 +0000
@@ -676,7 +676,7 @@
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224
+    EC keySize < 224, DES40_CBC, RC4_40
 
 #
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
@@ -737,8 +737,6 @@
 #
 jdk.tls.legacyAlgorithms= \
         K_NULL, C_NULL, M_NULL, \
-        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
-        DH_RSA_EXPORT, RSA_EXPORT, \
         DH_anon, ECDH_anon, \
         RC4_128, RC4_40, DES_CBC, DES40_CBC, \
         3DES_EDE_CBC
--- a/test/sun/security/ssl/ClientHandshaker/RSAExport.java	Wed Oct 18 11:02:47 2017 +0800
+++ b/test/sun/security/ssl/ClientHandshaker/RSAExport.java	Tue Oct 31 01:00:12 2017 +0000
@@ -419,6 +419,7 @@
         // reset the security property to make sure that the algorithms
         // and keys used in this test are not disabled.
         Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+        Security.setProperty("jdk.tls.disabledAlgorithms", "MD2");
 
         if (debug)
             System.setProperty("javax.net.debug", "all");