On Mon, 28 Apr 2025 18:56:31 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Sounds good, this was just FYI. > > I may be wrong, but it seems you only re-enable 3DES to test a non-TLS 1.3 > cipher suite. But you don't have to use a 3DES suite to do that, you could > use one of the suites that are already enabled (and are still considered > strong), like "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256". > > As a general comment, I would avoid re-enabling broken or disabled algorithms > unless you specifically have to test that algorithm for some reason. Thanks for pointing it out. Re-enabling was removed in 368f9b58736e4eb4f37d043ecd4df28d316fec49, and we will replace the cipher suite in the next refresh of this PR. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2166103818