Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8219657

Use server cipher suites preference by default

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 13
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      The compatibility risk should be minimal as no matter which preference is used, the selected cipher suite is supported by both the client and server side.
    • Interface Kind:
      Java API
    • Scope:
      JDK

      Description

      Summary

      Propose to use server cipher suite preference by default for TLS handshaking in the SunJSSE provider.

      Problem

      In TLS protocols, a cipher suite defines a series of security parameters. In general, both client and server support multiple cipher suites.

      During the handshaking, the client side requests to negotiate one of them. In the client request, the cipher suites are listed in descending order of client preference.

      Then the server side selects one cipher suite from the list. The selection may honor the client requested preference, or the server preference of itself. As could be configured with the SSLParameters.setUseCipherSuitesOrder​() method.

      In the SunJSSE provider, the server honors the client cipher suite preference by default. It is easier to maintain if using the server cipher suite preference, and then the server can have more control over the security parameters of TLS connections.

      Solution

      Update the SunJSSE provider implementation to use server side cipher suite preference by default. Applications can change the behavior with the existing SSLParameters.setUseCipherSuitesOrder​() method.

      Note that this update impact the SunJSSE provider only. There is no impact on the behavior and specification of SSLParameters.

      Specification

      See "Solution" section.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                xuelei Xue-Lei Fan
                Reviewed By:
                Sean Mullan
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: