Summary
-------
Disable the TLS anon (anonymous) and NULL cipher suites by default by adding them to the `jdk.tls.disabledAlgorithms` security property.

Problem
-------
The TLS anon and NULL cipher suites are used rarely and have security weaknesses. Anonymous suites are vulnerable to man-in-the-middle attacks. NULL suites do not provide confidentiality. RFC 7525 ("Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)") says: "Implementations MUST NOT negotiate the cipher suites with NULL encryption."

These suites are not enabled by default, so an application has to explicitly enable them using an API or the `jdk.tls.client.cipherSuites` or `jdk.tls.server.cipherSuites` system properties. However, adding them to the `jdk.tls.disabledAlgorithms` security property adds an extra layer of protection should they be used accidentally or maliciously.

Solution
--------
Add `anon` and `NULL` to the `jdk.tls.disabledAlgorithms` security property so that these suites are disabled by default. In order to use one of these suites, an application has to explicitly enable it AND remove the corresponding entry from the `jdk.tls.disabledAlgorithms` security property.

Specification
-------------
In the `java.security` file, change the value of the `jdk.tls.disabledAlgorithms` security property:
```
jdk.tls.disabledAlgorithms= /* whatever was before */, anon, NULL
```
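
To audit a deployed `java.security` file for the change specified above, the following added example (not part of the original proposal or of the JDK) parses the property, including backslash line continuations, and reports which of `anon` and `NULL` are absent. The sample file contents are constructed, the function names are hypothetical, and entries are compared exactly as this page spells them.

```python
import re

PROPERTY = "jdk.tls.disabledAlgorithms"
REQUIRED = ("anon", "NULL")  # the two entries this change adds

# Constructed samples in java.security syntax (not copied from a JDK release).
SAMPLE_HARDENED = """\
# constructed example
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \\
    DH keySize < 1024, \\
    anon, NULL
"""
SAMPLE_WEAK = "jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 1024\n"


def read_property(text, name):
    """Return the last value assigned to `name`, or None if it is never set."""
    value = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.lstrip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # An odd number of trailing backslashes continues onto the next line.
        while (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            line = line[:-1] + next(lines, "").lstrip()
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == name:
            value = m.group(2)  # a later assignment replaces an earlier one
    return value


def missing_entries(text):
    """List the REQUIRED entries that are not in the disabled-algorithms value."""
    value = read_property(text, PROPERTY)
    if value is None:
        return list(REQUIRED)
    entries = {entry.strip() for entry in value.split(",")}
    return [name for name in REQUIRED if name not in entries]


if __name__ == "__main__":
    for label, text in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(label, "missing:", missing_entries(text) or "none")
```
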