On 2/24/26 8:25 AM, ecki wrote:
With the January Update we disabled the nonˋforward TLS_RSA ciphers,
which Potentials would Interrup Communication with some of our Customers
Partners (as expected). We therefore recommend those customers to re-
enable it. However what I noticed
With the January Update we disabled the nonˋforward TLS_RSA ciphers,
which Potentials would Interrup Communication with some of our
Customers Partners (as expected).
We therefore recommend those customers to re-enable it. However what I
noticed is, that it is not (also) in the Legacy List (like some other
disabled ciphers). I suspect it already has lower priority, but would it
make sense to add it also to the Legacy ciphers?
We could but it actually wouldn't have any direct impact since those
suites are already the lowest in priority.
BTW unlike other options the Oracle Crypto Roadmap seems to not have a
description how to re-enable it (I mean it is failry obvious, but given
It’s damage potential I would have thought it’s spelled out anyway)
More recently, we don't include specific instructions to re-enable it as
it is usually just the reverse of the instructions for testing. However,
the current instructions don't list the TLS_RSA wildcard (since support
for that was added after the Crypto Roadmap action for the disabling),
so that should be updated, and I'll file an issue to get that corrected.
--Sean
