31 lines
1.2 KiB
Plaintext
31 lines
1.2 KiB
Plaintext
=== deprecates: S5326
|
|
|
|
=== on 5 Mar 2018, 12:04:37 Alexandre Gigleux wrote:
|
|
There is no SEI CERT ID for this one in \https://wiki.sei.cmu.edu/confluence/display/java/SEI+CERT+Oracle+Coding+Standard+for+Java
|
|
|
|
=== on 5 Mar 2018, 13:06:12 Alexandre Gigleux wrote:
|
|
See \https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext for the list of protocols supported by ``++SSLContext.getInstance()++``.
|
|
|
|
=== on 27 Mar 2018, 15:46:54 Pierre-Yves Nicolas wrote:
|
|
\[~alexandre.gigleux] There's a different https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#sslcontext-algorithms[list for java 9] which contains 3 "new" protocols: DTLS, DTLSv1.0 and DTLSv1.2. Should they also be considered as weak?
|
|
|
|
=== on 27 Mar 2018, 16:42:02 Alexandre Gigleux wrote:
|
|
\[~pierre-yves.nicolas]
|
|
|
|
|
|
According to \https://tools.ietf.org/html/rfc7525#page-6 (3.1.2. DTLS Protocol Versions), here is the mapping between DTLS and TLS:
|
|
|
|
|
|
Version 1.0 of DTLS correlates to version 1.1 of TLS
|
|
|
|
Version 1.2 of DTLS correlates to version 1.2 of TLS
|
|
|
|
|
|
As a consequence, we should consider DTLS and DTLSv1.0 in the "weak" list.
|
|
|
|
|
|
|
|
=== on 30 May 2018, 17:00:33 Alexandre Gigleux wrote:
|
|
We should generalize this rule to: "Weak SSL protocols should not be used"
|
|
|