diff options
| author | Alex Klyubin <klyubin@google.com> | 2013-11-07 14:20:08 -0800 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2013-11-07 14:20:08 -0800 |
| commit | 4892adf2af0d4c842aace8d8f8f8a8189425ac23 (patch) | |
| tree | c3c9da9b8b0c302229d68d802b25bd6c5374c740 /support/src | |
| parent | 7a650a8dd4d2bbed6562ad4a507a1ea046789dbd (diff) | |
| download | libcore-4892adf2af0d4c842aace8d8f8f8a8189425ac23.zip libcore-4892adf2af0d4c842aace8d8f8f8a8189425ac23.tar.gz libcore-4892adf2af0d4c842aace8d8f8f8a8189425ac23.tar.bz2 | |
Prefer Forward Secrecy TLS/SSL cipher suites by default.
This modifies the list of TLS/SSL cipher suites used by default to
prefer those offering Forward Secrecy (FS) -- ECDHE and DHE.
Bug: 11220570
Change-Id: I20f635d11e937d64de4f4e2fea34e1c5ea7a67ac
Diffstat (limited to 'support/src')
| -rw-r--r-- | support/src/test/java/libcore/java/security/StandardNames.java | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index ffaa591..9599200 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -759,13 +759,7 @@ public final class StandardNames extends Assert { "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA") - : Arrays.asList("TLS_RSA_WITH_AES_128_CBC_SHA", - "TLS_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", - "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + : Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", @@ -773,19 +767,25 @@ public final class StandardNames extends Assert { "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", - "SSL_RSA_WITH_RC4_128_MD5", - "SSL_RSA_WITH_RC4_128_SHA", - "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", - "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", - "SSL_RSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "SSL_RSA_WITH_RC4_128_MD5", + "SSL_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CIPHER_SUITE_SECURE_RENEGOTIATION); private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = |