8163237: Restrict the use of EXPORT cipher suites
Reviewed-by: mullan, igerasim, rhalade, jnimeh
--- a/src/java.base/share/conf/security/java.security Tue Oct 24 09:58:27 2017 -0400
+++ b/src/java.base/share/conf/security/java.security Tue Oct 31 00:54:53 2017 +0000
@@ -676,7 +676,7 @@
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
- EC keySize < 224
+ EC keySize < 224, DES40_CBC, RC4_40
#
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
@@ -737,8 +737,6 @@
#
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
- DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
- DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
--- a/test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java Tue Oct 24 09:58:27 2017 -0400
+++ b/test/jdk/sun/security/ssl/ClientHandshaker/RSAExport.java Tue Oct 31 00:54:53 2017 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -419,6 +419,7 @@
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
+ Security.setProperty("jdk.tls.disabledAlgorithms", "MD2");
if (debug)
System.setProperty("javax.net.debug", "all");