From 9a61ef3365ba5e33c65eec42fc80c7e47bc09958 Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Wed, 18 Dec 2013 11:03:17 -0800 Subject: Disable 3DES cipher suites in SSLSocket. The effective key length for 3DES_EDE bulk encryption algorithm is only 112 bits. We're now aiming for 128 and higher. Scans show that removing these cipher suites from the default list causes handshake issues only with 0.15% of the ecosystem. Bug: 11220570 Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f --- support/src/test/java/libcore/java/security/StandardNames.java | 6 ------ 1 file changed, 6 deletions(-) (limited to 'support/src/test/java/libcore') diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java index 7ca38bd..c2d8921 100644 --- a/support/src/test/java/libcore/java/security/StandardNames.java +++ b/support/src/test/java/libcore/java/security/StandardNames.java @@ -806,11 +806,6 @@ public final class StandardNames extends Assert { "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5", - "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", - "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", - "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CIPHER_SUITE_SECURE_RENEGOTIATION); private static final Set PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = @@ -824,7 +819,6 @@ public final class StandardNames extends Assert { private static final Set PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS = new HashSet(Arrays.asList("RC4_128", - "3DES_EDE_CBC", "AES_128_CBC", "AES_256_CBC", "AES_128_GCM", -- cgit v1.1