On Fri, 15 Nov 2024 19:50:33 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
> These cipher suites do not preserve forward-secrecy and are not commonly > used. Other TLS implementations (ex: Rustls) do not support or enable these > suites by default. RFC 9325 [1] states that these suites should not be used. > The IETF Draft "Deprecating Obsolete Key Exchange Methods in TLS" [2] > mandates that these suites not be used. > > Some TLS_RSA_* cipher suites are already disabled because they use DES, 3DES, > RC4, or NULL, which are disabled. This action will disable all remaining > TLS_RSA cipher suites. > > [1] RFC 9325, Recommendations for Secure Use of TLS and DTLS > (https://www.rfc-editor.org/rfc/rfc9325.html#section-4.1-2.5.1): > "Implementations SHOULD NOT negotiate cipher suites based on RSA key > transport, a.k.a. "static RSA". Rationale: These cipher suites, which have > assigned values starting with the string "TLS_RSA_WITH_*", have several > drawbacks, especially the fact that they do not support forward secrecy." > [2] IETF Draft, Deprecating Obsolete Key Exchange Methods in TLS > (https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-05.html#section-4): > "Clients MUST NOT offer and servers MUST NOT select RSA cipher suites in TLS > 1.2 connections. (Note that TLS 1.0 and 1.1 are deprecated by [RFC8996], and > TLS 1.3 does not support static RSA [RFC8446].)" test/jdk/javax/net/ssl/DTLS/CipherSuite.java line 71: > 69: > 70: public static void main(String[] args) throws Exception { > 71: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*"); Instead, you can add the "re-enable" argument to the @run lines starting with "TLS_RSA_". test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java line 52: > 50: import javax.net.ssl.SSLSocketFactory; > 51: > 52: import jdk.test.lib.security.SecurityUtils; Typically internal imports are listed after standard imports. test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java line 178: > 176: // Re-enable TLSv1.1 since test depends on it. > 177: SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); > 178: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*"); You can put more than one alg in the same call, i.e. `SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLS_RSA_*");` test/jdk/javax/net/ssl/sanity/ciphersuites/CheckCipherSuites.java line 241: > 239: > 240: public static void main(String[] args) throws Exception { > 241: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*"); This test verifies that only the enabled suites are what are expected, and we didn't accidentally re-enable a cipher suite. You should not be re-enabling any disabled suites. Instead remove TLS_RSA from the static String arrays. test/jdk/javax/net/ssl/sanity/ciphersuites/SystemPropCipherSuitesOrder.java line 86: > 84: > 85: public static void main(String[] args) { > 86: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*"); A suggestion - re-enable TLS_RSA only if you need to. You could check if `servercipherSuites` or `clientciphersuites` starts with "TLS_RSA". ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1847297410 PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1847310890 PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1847311819 PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1847308667 PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1847318221
