On Mon, 28 Apr 2025 18:56:31 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> Sounds good, this was just FYI.
>
> I may be wrong, but it seems you only re-enable 3DES to test a non-TLS 1.3 
> cipher suite. But you don't have to use a 3DES suite to do that, you could 
> use one of the suites that are already enabled (and are still considered 
> strong), like "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".
> 
> As a general comment, I would avoid re-enabling broken or disabled algorithms 
> unless you specifically have to test that algorithm for some reason.

Thanks for pointing it out. Re-enabling was removed in 
368f9b58736e4eb4f37d043ecd4df28d316fec49, and we will replace the cipher suite 
in the next refresh of this PR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2166103818

Reply via email to