=== deprecates: S5326

=== on 5 Mar 2018, 12:04:37 Alexandre Gigleux wrote:
There is no SEI CERT ID for this one in \https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java

=== on 5 Mar 2018, 13:06:12 Alexandre Gigleux wrote:
See \https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext for the list of protocols supported by ``++SSLContext.getInstance()++``.

=== on 27 Mar 2018, 15:46:54 Pierre-Yves Nicolas wrote:
\[~alexandre.gigleux] There's a different https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms[list for java 9] which contains 3 "new" protocols: DTLS, DTLSv1.0 and DTLSv1.2. Should they also be considered as weak?

=== on 27 Mar 2018, 16:42:02 Alexandre Gigleux wrote:
\[~pierre-yves.nicolas]


According to \https://tools.ietf.org/html/rfc7525#page-6 (3.1.2. DTLS Protocol Versions), here is the mapping between DTLS and TLS:


Version 1.0 of DTLS correlates to version 1.1 of TLS

Version 1.2 of DTLS correlates to version 1.2 of TLS


As a consequence, we should consider DTLS and DTLSv1.0 in the "weak" list.



=== on 30 May 2018, 17:00:33 Alexandre Gigleux wrote:
We should generalize this rule to: "Weak SSL protocols should not be used"