Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8266090

Update the default enabled cipher suites preference for Oracle JDK 7u

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 7-pool
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Compatibility Risk Description:
      Hide
      The impact should be minimal as only the default enabled cipher suites preference order is changed. Preference of DHE_RSA over RSA could increase group/size related interoperability problems. However it is expected that this is mitigated by the fact that existing implementations have been confronted with bigger DHE keys for some time now. Besides many existing servers prefer ECDHE or would have picked DHE over RSA anyway.
      Show
      The impact should be minimal as only the default enabled cipher suites preference order is changed. Preference of DHE_RSA over RSA could increase group/size related interoperability problems. However it is expected that this is mitigated by the fact that existing implementations have been confronted with bigger DHE keys for some time now. Besides many existing servers prefer ECDHE or would have picked DHE over RSA anyway.
    • Interface Kind:
      Other
    • Scope:
      JDK

      Description

      Summary

      Propose to update the default enabled cipher suites preference in the SunJSSE provider for the Oracle JDK 7u. This is a partial backport of enhancement already done in JDK 13.

      For Oracle JDK 7u, CBC suites will continue to be preferred over the GCM suites.

      Problem

      Forward secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. Forward secrecy protects past sessions against future compromises of secret keys or passwords.

      In the current SunJSSE provider, the forward secrecy feature was considered, but with a lower priority. For example, JDK prefers the better performance of key exchange and digital signature algorithm, in the order of

      ECDHE-ECDSA, ECDHE-RSA, RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.

      While if forward secrecy is preferable first, the order should be

      ECDHE-ECDSA, ECDHE-RSA, DHE-RSA, DHE-DSS, ECDH-ECDSA, ECDH-RSA, RSA.

      Meanwhile, the RSA key exchange algorithms and SHA-1 based HMAC algorithms have been deprecated in TLS 1.3. Even for TLS 1.2 and prior versions, the priority of them should be decreased for safety as well.

      Solution

      By updating the preference order of the default enabled cipher suites, change to prefer forward secrecy in the SunJSSE provider. The scope of this work is similar to that done for JDK 13.

      The following factors are considered:

      1. Increase the priority of forward secrecy cipher suites.
      2. Increase the priority of ECDHE cipher suites.
      3. Decrease the priority of cipher suites that use SHA-1 hash algorithm.
      4. Decrease the priority of RSA key exchange based cipher suites.

      A release note will accompany the JDK releases highlighting the cipher suite preference changes.

      Specification

      With this update, the order of cipher suites preference in the SunJSSE provider is changed as:

          // Suite B compliant cipher suites
          // AES_256(CBC) - ECDHE - forward secrecy
          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
          // AES_256(CBC) - ECDHE - forward secrecy
          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
          // AES_256(CBC) - DHE - forward secrecy
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
          TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
          // AES_128(CBC) - DHE - forward secrecy
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
          //  AES_256(GCM) - ECDHE_ECDSA - forward secrecy
          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
          // AES_256(GCM) - ECDHE - forward secrecy
          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
          // AES_128(GCM) - ECDHE - forward secrecy
          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
          // AES_256(GCM) - DHE - forward secrecy
          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
          TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
          // AES_128(GCM) - DHE - forward secrecy
          TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
          TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
          // AES_256(CBC) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
          // AES_128(CBC) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
          // AES_256(GCM) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
          TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
          // AES_128(CBC) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
          // AES_256(GCM) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
          TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
          // AES_128(GCM) - not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
          TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
          // AES_256(CBC) - ECDHE - using SHA
          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
          // AES_128(CBC) - ECDHE - using SHA
          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
          // AES_256(CBC) - DHE - using SHA
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
          TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
          // AES_128(CBC) - DHE - using SHA
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
          // AES_256(CBC) - using SHA, not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
          TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
          // AES_128(CBC) - using SHA, not forward secrecy
          TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
          TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
      
          // deprecated
          TLS_RSA_WITH_AES_256_GCM_SHA384,
          TLS_RSA_WITH_AES_256_CBC_SHA256,
          TLS_RSA_WITH_AES_128_CBC_SHA256,
          TLS_RSA_WITH_AES_256_CBC_SHA,
          TLS_RSA_WITH_AES_128_GCM_SHA256,
          TLS_RSA_WITH_AES_128_CBC_SHA,
          TLS_EMPTY_RENEGOTIATION_INFO_SCSV

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              coffeys Sean Coffey
              Reporter:
              xuelei Xuelei Fan
              Reviewed By:
              Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: