Open joakime opened 1 year ago
I wonder if the combination of DHE + RSA reduces the key length to unacceptable levels?
Looks like all of the standard OpenJDK 17 Cipher Suites are ...
```
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
```
The use of DHE is only with DSS or RSA
If we use `*_DHE_*` then the following are excluded.

```
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
```
If we use `*_DHE_RSA_*` then this smaller list is excluded

```
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
```
Lists from `javax.net.ssl.SSLServerSocketFactory.getDefault().getSupportedCipherSuites()`
The impact on JDK 20 would be ...
Cipher Suite JDK 20 | `*_DHE_*` | `*_DHE_RSA_*` |
---|---|---|
TLS_AES_128_GCM_SHA256 | - | - |
TLS_AES_256_GCM_SHA384 | - | - |
TLS_CHACHA20_POLY1305_SHA256 | - | - |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | :x: | - |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | :x: | - |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | :x: | - |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | :x: | - |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | :x: | - |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | :x: | - |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | :x: | :x: |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | :x: | :x: |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | :x: | :x: |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | :x: | :x: |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | :x: | :x: |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | :x: | :x: |
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | :x: | :x: |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | - | - |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | - | - |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | - | - |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | - | - |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | - | - |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | - | - |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | - | - |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | - | - |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | - | - |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | - | - |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | - | - |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | - | - |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | - | - |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | - | - |
TLS_EMPTY_RENEGOTIATION_INFO_SCSV | - | - |
TLS_RSA_WITH_AES_128_CBC_SHA | - | - |
TLS_RSA_WITH_AES_128_CBC_SHA256 | - | - |
TLS_RSA_WITH_AES_128_GCM_SHA256 | - | - |
TLS_RSA_WITH_AES_256_CBC_SHA | - | - |
TLS_RSA_WITH_AES_256_CBC_SHA256 | - | - |
TLS_RSA_WITH_AES_256_GCM_SHA384 | - | - |
Jetty version(s) Jetty 10 / 11 / 12
Description The DHE cipher suite is undergoing a series of quick succession insecure declarations and minor fixes (increased bit lengths). Should we include `*_DHE_*` in our default excluded cipher suites?
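
The impact of either exclusion can be measured on whatever JDK a server actually runs. This is an added example, not part of the original issue or of Jetty's code: the class name `DheExclusionImpact` is hypothetical, the glob-to-regex translation is an assumption, and the counts it prints depend on the JDK and its security configuration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class DheExclusionImpact
{
    // Keeps only the suites that the exclusion pattern does not match.
    static List<String> retain(String[] suites, Pattern excluded)
    {
        return Arrays.stream(suites)
            .filter(suite -> !excluded.matcher(suite).matches())
            .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception
    {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        String[] supported = engine.getSupportedCipherSuites();
        String[] enabled = engine.getEnabledCipherSuites();
        long ecdheAll = Arrays.stream(supported).filter(s -> s.contains("_ECDHE_")).count();

        // The two globs from the issue; "*" becomes ".*" (assumed translation).
        for (String glob : new String[] {"*_DHE_*", "*_DHE_RSA_*"})
        {
            Pattern excluded = Pattern.compile(glob.replace("*", ".*"));
            List<String> keptSupported = retain(supported, excluded);
            List<String> keptEnabled = retain(enabled, excluded);

            // "_ECDHE_" contains no "_DHE_" (the character before "DHE" is 'C'),
            // so the underscores in the pattern keep every ECDHE suite available.
            long ecdheKept = keptSupported.stream().filter(s -> s.contains("_ECDHE_")).count();
            if (ecdheKept != ecdheAll)
                throw new IllegalStateException(glob + " removed an ECDHE suite");

            // Apply the surviving default-enabled suites to the engine, as a server would.
            SSLParameters parameters = engine.getSSLParameters();
            parameters.setCipherSuites(keptEnabled.toArray(new String[0]));
            engine.setSSLParameters(parameters);
            System.out.printf("%-12s supported %d -> %d, enabled by default %d -> %d%n",
                glob, supported.length, keptSupported.size(),
                enabled.length, engine.getEnabledCipherSuites().length);
        }
    }
}
```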