Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8208350 Disable all DES cipher suites
  3. JDK-8209658

Release Note: Disabled All DES TLS Cipher Suites

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: P3
    • Resolution: Delivered
    • Affects Version/s: 6u211, 7u201, 8u191, 11.0.1, 12
    • Fix Version/s: 12
    • Component/s: security-libs

      Backports

        Description

        DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the `jdk.tls.disabledAlgorithms` security property. These cipher suites can be reactivated by removing "DES" from the `jdk.tls.disabledAlgorithms` security property in the `java.security` file or by dynamically calling the `Security.setProperty()` method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the `SSLSocket.setEnabledCipherSuites()` or `SSLEngine.setEnabledCipherSuites()` methods.

        Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the `jdk.tls.disabledAlgorithms` security property.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                jnimeh Jamil Nimeh
                Reporter:
                jnimeh Jamil Nimeh
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: