[8u] RFR: 8076221: Disable RC4 cipher suites

Seán Coffey sean.coffey at oracle.com
Wed Apr 15 09:54:28 UTC 2015


Looks good.

Approved.

Regards,
Sean.

On 15/04/15 09:17, Artem Smotrakov wrote:
> cc'ing jdk8u-dev at openjdk.java.net
>
> Would you please approve this backport to 8u-dev?
>
> The difference is:
> - JDK 9 has a single java.security file, but JDK 8u has java.security 
> file for each generic platform, so each file needs to be updated.
> - Test names are different, but the changes are the same (reset 
> 'jdk.tls.disabledAlgorithms' security property)
>
> Webrev: http://cr.openjdk.java.net/~asmotrak/8076221/webrev.8u.00/
> Bug: https://bugs.openjdk.java.net/browse/JDK-8076221
> Changeset: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/23cde932f139
>
> Artem
>
> On 04/15/2015 10:42 AM, Xuelei Fan wrote:
>> Looks fine to me.
>>
>> Xuelei
>>
>> On 4/15/2015 3:06 PM, Artem Smotrakov wrote:
>>> Hello,
>>>
>>> RFC 7465 [1] has been published to prohibit RC4.
>>>
>>> Please review this fix which disables RC4 cipher suites in JDK 8u by
>>> adding "RC4" to "jdk.tls.disabledAlgorithms" security property.
>>>
>>> Webrev: http://cr.openjdk.java.net/~asmotrak/8076221/webrev.8u.00/
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8076221
>>>
>>> [1] https://tools.ietf.org/html/rfc7465
>>>
>>> Artem
>>>
>



More information about the security-dev mailing list