Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 5b15ad6b3d508a97d1cd23667afaee8c55072718
commit5b15ad6b3d508a97d1cd23667afaee8c55072718[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Tue Dec 17 16:55:38 2013 -0800
committerAlex Klyubin <klyubin@google.com>Tue Dec 17 17:06:40 2013 -0800
treee7f793a9f16f5250567a00f73330c05fcc4df85b
parent9c10d333f448950a3294a03a00006c736f8f7377 [diff]
Disable static server key ECDH cipher suites in SSLSocket.

These cipher suites use a static key for ECDH on the server side.
When client certificates are used, a static key is also used on the
client side, leading to the same premaster secret for all connections
between a particular client and server. Also, these cipher suites do
not provide forward secrecy.

Scans show that removing these cipher suites from the default list
does not affect connectivity to servers and is thus safe.

Bug: 11220570
Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
2 files changed
tree: e7f793a9f16f5250567a00f73330c05fcc4df85b
  1. benchmarks/
  2. dalvik/
  3. dex/
  4. dom/
  5. expectations/
  6. harmony-tests/
  7. include/
  8. json/
  9. jsr166-tests/
  10. libart/
  11. libdvm/
  12. luni/
  13. support/
  14. xml/
  15. Android.mk
  16. CaCerts.mk
  17. CleanSpec.mk
  18. Docs.mk
  19. JavaLibrary.mk
  20. NativeCode.mk
  21. NOTICE
  22. run-libcore-tests