mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-27 14:54:52 +02:00
8163327: Remove 3DES from the default enabled cipher suites list
Reviewed-by: xuelei
parent
f01773956f
commit
138460c004
4 changed files with 102 additions and 54 deletions
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
@ -54,9 +54,9 @@ enum CipherSuite {
|
|||
// changed later, see below).
|
||||
// 2. Prefer forward secrecy cipher suites.
|
||||
// 3. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
|
||||
// AES_128(GCM), AES_256, AES_128, 3DES-EDE.
|
||||
// AES_128(GCM), AES_256, AES_128.
|
||||
// 4. Prefer the stronger MAC algorithm, in the order of SHA384,
|
||||
// SHA256, SHA, MD5.
|
||||
// SHA256, SHA.
|
||||
// 5. Prefer the better performance of key exchange and digital
|
||||
// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,
|
||||
// DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.
|
||||
|
@ -327,41 +327,6 @@ enum CipherSuite {
|
|||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_RSA, B_AES_128, M_SHA, H_SHA256),
|
||||
|
||||
// 3DES_EDE, forward secrecy.
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
|
||||
0x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
|
||||
|
||||
// 3DES_EDE, not forward secrecy.
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
|
||||
// Renegotiation protection request Signalling Cipher Suite Value (SCSV).
|
||||
TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior
|
||||
0x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",
|
||||
|
@ -413,6 +378,41 @@ enum CipherSuite {
|
|||
0x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_DH_ANON, B_AES_128, M_SHA, H_SHA256),
|
||||
|
||||
// 3DES_EDE, forward secrecy.
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC008, false, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC012, false, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0x0016, false, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_DHE_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
|
||||
0x0013, false, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_DHE_DSS, B_3DES, M_SHA, H_SHA256),
|
||||
|
||||
// 3DES_EDE, not forward secrecy.
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC003, false, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC00D, false, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
SSL_RSA_WITH_3DES_EDE_CBC_SHA(
|
||||
0x000A, false, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
K_RSA, B_3DES, M_SHA, H_SHA256),
|
||||
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(
|
||||
0xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",
|
||||
ProtocolVersion.PROTOCOLS_TO_12,
|
||||
|
|
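Review bot: The relocated 3DES_EDE entries in the last hunk keep only their old headings (`// 3DES_EDE, forward secrecy.`), so nothing at the new location explains why the second constructor argument, presumably the default-enabled flag, is now `false`. A short comment above the first moved entry, such as `// 3DES_EDE: still supported, but not enabled by default (64-bit block cipher).`, would record the intent. The suites stay declared, so code that enables them explicitly can presumably still negotiate them; deployments that must exclude 3DES should enforce that through the disabled-algorithms policy rather than rely on this default. The moved block also now follows the `TLS_DH_anon_WITH_AES_128_CBC_SHA` entry, so if declaration order drives preference as the header comment describes, anonymous suites would rank ahead of authenticated 3DES ones when both are enabled, which is worth confirming as intended. The enum constructor and the rest of the enum body are outside the visible hunks.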