=== Deprecate: RSPEC-5326

=== On 2018-03-05T12:04:37Z Alexandre Gigleux Wrote:
There is no SEI CERT ID for this one in \https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java

=== On 2018-03-05T13:06:12Z Alexandre Gigleux Wrote:
See \https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext for the list of protocols supported by ``++SSLContext.getInstance()++``.

=== On 2018-03-27T15:46:54Z Pierre-Yves Nicolas Wrote:
\[~alexandre.gigleux] There's a different https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms[list for Java 9] which contains 3 "new" protocols: DTLS, DTLSv1.0 and DTLSv1.2. Should they also be considered as weak?

=== On 2018-03-27T16:42:02Z Alexandre Gigleux Wrote:
\[~pierre-yves.nicolas]

According to \https://tools.ietf.org/html/rfc7525#page-6 (3.1.2. DTLS Protocol Versions), here is the mapping between DTLS and TLS:

Version 1.0 of DTLS correlates to version 1.1 of TLS

Version 1.2 of DTLS correlates to version 1.2 of TLS

As a consequence, we should consider DTLS and DTLSv1.0 in the "weak" list.

=== On 2018-05-30T17:00:33Z Alexandre Gigleux Wrote:
We should generalize this rule to: "Weak SSL protocols should not be used"