Use Triple DES in JdkSslContext cipher suite list.
Related:
- d6c3b3063f
- Original author: @grahamedgecombe
Motivation:
JdkSslContext used SSL_RSA_WITH_DES_CBC_SHA in its cipher suite list.
OpenSslServerContext used DES-CBC3-SHA in the same place in its cipher suite
list, which is equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA.
This means the lists were out of sync. Furthermore, using
SSL_RSA_WITH_DES_CBC_SHA is not desirable as it uses DES, a weak cipher. Triple
DES should be used instead.
Modifications:
Replace SSL_RSA_WITH_DES_CBC_SHA with SSL_RSA_WITH_3DES_EDE_CBC_SHA in
JdkSslContext.
Result:
The JdkSslContext and OpenSslServerContext cipher suite lists are now in sync.
Triple DES is used instead of DES, which is stronger.
This commit is contained in:
Trustin Lee
parent
7d9125ed8f
commit
03a775a71d
@ -78,7 +78,7 @@ public abstract class JdkSslContext extends SslContext {
|
|||||||
"TLS_RSA_WITH_AES_128_CBC_SHA",
|
"TLS_RSA_WITH_AES_128_CBC_SHA",
|
||||||
// AES256 requires JCE unlimited strength jurisdiction policy files.
|
// AES256 requires JCE unlimited strength jurisdiction policy files.
|
||||||
"TLS_RSA_WITH_AES_256_CBC_SHA",
|
"TLS_RSA_WITH_AES_256_CBC_SHA",
|
||||||
"SSL_RSA_WITH_DES_CBC_SHA",
|
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||||
"SSL_RSA_WITH_RC4_128_SHA");
|
"SSL_RSA_WITH_RC4_128_SHA");
|
||||||
|
|
||||||
if (!ciphers.isEmpty()) {
|
if (!ciphers.isEmpty()) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user