On Tue, 12 Nov 2024 19:11:48 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to >> disable algorithms that affect both the key exchange and authentication >> parts of a TLS cipher suite. For example, if you add "RSA" to the >> jdk.tls.disabledAlgorithms security property, it disables all cipher suites >> that use RSA, whether it is for key exchange or authentication. If you only >> want to disable cipher suites that use RSA for key exchange, the only >> workaround is to list the whole cipher suite name, so an exact match is >> done, but if there are many cipher suites that use that key exchange >> algorithm, this becomes cumbersome. > > Artur Barashev has updated the pull request incrementally with one additional > commit since the last revision: > > Use exact needed capacity for patterns list Looks good. Please update the copyright on test and I will approve. test/jdk/sun/security/ssl/CipherSuite/AbstractDisableCipherSuites.java line 2: > 1: /* > 2: * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved. We should include 2018 in this copyright since most of it was copied from `NoDesRC4DesEdeCiphSuite.java`, so: `* Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.` ------------- PR Review: https://git.openjdk.org/jdk/pull/21841#pullrequestreview-2430584197 PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1838703184
