On Mon, 18 Nov 2024 21:39:32 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> These cipher suites do not preserve forward-secrecy and are not commonly >> used. Other TLS implementations (ex: Rustls) do not support or enable these >> suites by default. RFC 9325 [1] states that these suites should not be used. >> The IETF Draft "Deprecating Obsolete Key Exchange Methods in TLS" [2] >> mandates that these suites not be used. >> >> Some TLS_RSA_* cipher suites are already disabled because they use DES, >> 3DES, RC4, or NULL, which are disabled. This action will disable all >> remaining TLS_RSA cipher suites. >> >> [1] RFC 9325, Recommendations for Secure Use of TLS and DTLS >> (https://www.rfc-editor.org/rfc/rfc9325.html#section-4.1-2.5.1): >> "Implementations SHOULD NOT negotiate cipher suites based on RSA key >> transport, a.k.a. "static RSA". Rationale: These cipher suites, which have >> assigned values starting with the string "TLS_RSA_WITH_*", have several >> drawbacks, especially the fact that they do not support forward secrecy." >> [2] IETF Draft, Deprecating Obsolete Key Exchange Methods in TLS >> (https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-05.html#section-4): >> "Clients MUST NOT offer and servers MUST NOT select RSA cipher suites in >> TLS 1.2 connections. (Note that TLS 1.0 and 1.1 are deprecated by [RFC8996], >> and TLS 1.3 does not support static RSA [RFC8446].)" > > test/jdk/javax/net/ssl/TLSv11/GenericBlockCipher.java line 178: > >> 176: // Re-enable TLSv1.1 since test depends on it. >> 177: SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1"); >> 178: SecurityUtils.removeFromDisabledTlsAlgs("TLS_RSA_*"); > > You can put more than one alg in the same call, i.e. > `SecurityUtils.removeFromDisabledTlsAlgs("TLSv1.1", "TLS_RSA_*");` Done ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22163#discussion_r1848777853
