On Tue, 17 Nov 2020 17:55:19 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> This change disables the TLSv1 and TLSv1.1 protocols by adding them to the >> jdk.tls.disabledAlgorithms security property in the java.security file. >> These protocols use weak algorithms and are being deprecated by the IETF. >> They should be disabled by default to improve the default security >> configuration of the JDK. See the CSR for more rationale: >> https://bugs.openjdk.java.net/browse/JDK-8254713 >> >> The fix mostly involves changes to existing tests that for one reason or >> another depend on the TLSv1 and TLSv1.1 protocols being enabled. There is a >> new test specifically for this issue: >> test/jdk/sun/security/ssl/SSLContextImpl/SSLContextDefault.java > > Sean Mullan has updated the pull request incrementally with one additional > commit since the last revision: > > More test changes. Marked as reviewed by coffeys (Reviewer). test/lib/jdk/test/lib/security/SecurityUtils.java line 64: > 62: } > 63: > 64: private static void removeFromDisabledAlgs(String prop, List<String> > algs) { Useful utility method. Maybe it can be made public/ opened up and renamed to something like "removeFromSecurityProperty" perhaps ? could be done at a later time perhaps. ------------- PR: https://git.openjdk.java.net/jdk/pull/1235
