[JDK-8163326] Update the default enabled cipher suites preference - Java Bug System

Details

Type: Enhancement
Status: Resolved
Priority: P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 13
Component/s: security-libs
Labels:
- release-note=yes
- security-disabled-algs-rfe

Subcomponent:
javax.net.ssl
Resolved In Build:
b16

Description

At present, the SunJSSE provider prefers the better performance of key exchange and digital signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA, RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.

Forward secrecy should be preferable first. If the DHE ephemeral key limitation get resolved, the order should be changed to ECDHE-ECDSA, ECDHE-RSA, DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.

Attachments

Issue Links

csr for

JDK-8219545 Update the default enabled cipher suites preference

Closed

relates to

JDK-8204636 Improvement of TLS 1.3 implementation

Open

Options

Sub-Tasks

Release Note: Updated the Default Enabled Cipher Suites Preference

Closed

Xue-Lei Fan

Activity

People

Assignee:

Xue-Lei Fan

Reporter:

Xue-Lei Fan

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2016-08-06 00:28

Updated:

2019-09-26 08:40

Resolved:

2019-04-04 14:23