On Fri, 1 Nov 2024 18:06:30 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
> The current syntax of the jdk.tls.disabledAlgorithms makes it difficult to > disable algorithms that affect both the key exchange and authentication parts > of a TLS cipher suite. For example, if you add "RSA" to the > jdk.tls.disabledAlgorithms security property, it disables all cipher suites > that use RSA, whether it is for key exchange or authentication. If you only > want to disable cipher suites that use RSA for key exchange, the only > workaround is to list the whole cipher suite name, so an exact match is done, > but if there are many cipher suites that use that key exchange algorithm, > this becomes cumbersome. This pull request has now been integrated. Changeset: 697f27c5 Author: Artur Barashev <abaras...@openjdk.org> Committer: Sean Mullan <mul...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/697f27c5d53dbe275685b87c8ed1bcfe4da6e4d0 Stats: 775 lines in 6 files changed: 506 ins; 254 del; 15 mod 8341964: Add mechanism to disable different parts of TLS cipher suite Reviewed-by: mullan, ascarpino ------------- PR: https://git.openjdk.org/jdk/pull/21841
