Details

    • Type: Sub-task
    • Status: Closed
    • Priority: P3
    • Resolution: Delivered
    • Affects Version/s: 6u211, 7u201, 8u191, 11.0.1, 12
    • Fix Version/s: 12
    • Component/s: security-libs

      Backports

        Description

        DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "DES" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

        Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the `jdk.tls.disabledAlgorithms` security property.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jnimeh Jamil Nimeh
                  Reporter:
                  jnimeh Jamil Nimeh
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: