> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to 
> disable algorithms that affect both the key exchange and authentication parts 
> of a TLS cipher suite. For example, if you add "RSA" to the 
> jdk.tls.disabledAlgorithms security property, it disables all cipher suites 
> that use RSA, whether it is for key exchange or authentication. If you only 
> want to disable cipher suites that use RSA for key exchange, the only 
> workaround is to list the whole cipher suite name, so an exact match is done, 
> but if there are many cipher suites that use that key exchange algorithm, 
> this becomes cumbersome.

Artur Barashev has updated the pull request incrementally with one additional 
commit since the last revision:

  - No need to scan algorithms for "*" and "TLS_" over and over again
  - No need for cache lookups
  - Exclude patterns from algorithm code flow
  - Restrict changes to DisabledAlgorithmConstraints

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/21841/files
  - new: https://git.openjdk.org/jdk/pull/21841/files/9babb956..e4977d40

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=21841&range=09
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=21841&range=08-09

  Stats: 70 lines in 2 files changed: 34 ins; 34 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/21841.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/21841/head:pull/21841

PR: https://git.openjdk.org/jdk/pull/21841
