8208350: Disable all DES cipher suites

Reviewed-by: xuelei, mullan
2025-09-20 11:04:34 +02:00 · 2018-08-20 15:37:47 -07:00 · 2018-08-20 15:37:47 -07:00 · 8eb45613db
commit 8eb45613db
parent 95db6924f2
4 changed files with 366 additions and 20 deletions
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java
@ -435,12 +435,12 @@ enum CipherSuite {
            0x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                           "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
            ProtocolVersion.PROTOCOLS_TO_10,
-            K_RSA_EXPORT, B_DES_40, M_MD5, H_NONE),
+            K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(
            0x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                           "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
            ProtocolVersion.PROTOCOLS_TO_10,
-            K_DH_ANON, B_DES_40, M_MD5, H_NONE),
+            K_DH_ANON, B_RC4_40, M_MD5, H_NONE),

    // no traffic encryption cipher suites
    TLS_RSA_WITH_NULL_SHA256(
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@ -675,8 +675,8 @@ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
-    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
+jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
+    EC keySize < 224, 3DES_EDE_CBC

 #
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)