Disable more DHE related ciphersuites

ibmruntimes / openj9-openjdk-jdk

Extensions for OpenJDK for Eclipse OpenJ9

GNU General Public License v2.0

17 stars 73 forks source link

Disable more DHE related ciphersuites #816

Closed JinhangZhang closed 1 month ago

JinhangZhang commented 1 month ago

DHE related cipher suites need Diffie-Hellman crypto services. However, those crypto services are not allowed in strict profile in FIPS140-3. Therefore, those DHE related ciphersuites are disabled.

JinhangZhang commented 1 month ago

@jasonkatonica FYI

JinhangZhang commented 1 month ago

@keithc-ca please help to review

keithc-ca commented 1 month ago

It would be helpful if the commit message and the description here explained the motivation for these changes: Why should those algorithms be disabled?

JinhangZhang commented 1 month ago

It would be helpful if the commit message and the description here explained the motivation for these changes: Why should those algorithms be disabled?

updated

keithc-ca commented 1 month ago

It would be helpful if the commit message and the description here explained the motivation for these changes: Why should those algorithms be disabled?

updated

Please update the description here as well.

JinhangZhang commented 1 month ago

It would be helpful if the commit message and the description here explained the motivation for these changes: Why should those algorithms be disabled?

updated

Please update the description here as well.

updated

keithc-ca commented 1 month ago

Jenkins test sanity zlinux jdknext