# HG changeset patch # User xuelei # Date 1509411293 0 # Node ID 0786897e86b3d800dd7c8a1efd73d9d0c7a2a323 # Parent d4898fde81715ff226f33d763d459d4c69ad04a9 8163237: Restrict the use of EXPORT cipher suites Reviewed-by: mullan, igerasim, rhalade, jnimeh diff -r d4898fde8171 -r 0786897e86b3 src/java.base/share/conf/security/java.security --- a/src/java.base/share/conf/security/java.security Tue Oct 24 09:58:27 2017 -0400 +++ b/src/java.base/share/conf/security/java.security Tue Oct 31 00:54:53 2017 +0000 @@ -676,7 +676,7 @@ # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ - EC keySize < 224 + EC keySize < 224, DES40_CBC, RC4_40 # # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) @@ -737,8 +737,6 @@ # jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ - DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ - DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC diff -r d4898fde8171 -r 0786897e86b3 test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java --- a/test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java Tue Oct 24 09:58:27 2017 -0400 +++ b/test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java Tue Oct 31 00:54:53 2017 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -419,6 +419,7 @@ // reset the security property to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); + Security.setProperty("jdk.tls.disabledAlgorithms", "MD2"); if (debug) System.setProperty("javax.net.debug", "all");