Looks good, just a few minor comments:
CustomizedCipherSuites.java
- should have both years (2016, 2018) on copyright
NoDesRC4CiphSuite.java
- does this need to be run in othervm mode? It doesn't look like you are
setting any properties dynamically. Lines 30-31 should also be removed,
if so.
- add comments describing what the testEngAddDisabled method does
(similar to the testEngOnlyDisabled method)
--Sean
On 8/19/18 9:06 PM, Jamil Nimeh wrote:
Hello all,
This change adds all DES cipher suites to the jdk.tls.disabledAlgorithms
Security property. This will have the effect of making all DES-based
suites unavailable to SunJSSE SSLSocket and SSLEngine instances, even if
explicitly enabled using calls like SSLEngine.setEnabledCipherSuites()
or SSLSocket.setEnabledCipherSuites(). Users wishing to re-enable these
suites for legacy purposes must first alter the
jdk.tls.disabledAlgorithms property in the java.security file.
Please note that prior to this change, DES-based suites were available,
but not enabled by default on SSLSocket and SSLEngine objects. This
change just makes these suites no longer available without further
intervention.
This change also removes RC4_40 from this Security property as it is
already superseded by the RC4 identifier. It also cleans up a
cut-and-paste bug in a couple of the RC4_40 export suites (those suites
are disabled already).
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8208350/webrev.01/
JBS: https://bugs.openjdk.java.net/browse/JDK-8208350
CSR: https://bugs.openjdk.java.net/browse/JDK-8209318
Thanks,
--Jamil
