BCJSSE: org.bouncycastle.jsse.fips.allowRSAKeyExchange defaults to false

bcgit · Feb 5, 2024 · 294b42c · 294b42c
1 parent 403b4b5
commit 294b42c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/FipsUtils.java b/tls/src/main/java/org/bouncycastle/jsse/provider/FipsUtils.java
@@ -18,7 +18,7 @@ abstract class FipsUtils
     private static final boolean provAllowGCMCiphersIn12 = false;
 
     private static final boolean provAllowRSAKeyExchange = PropertyUtils
-        .getBooleanSystemProperty("org.bouncycastle.jsse.fips.allowRSAKeyExchange", true);
+        .getBooleanSystemProperty("org.bouncycastle.jsse.fips.allowRSAKeyExchange", false);
 
     private static final Set<String> FIPS_SUPPORTED_CIPHERSUITES = createFipsSupportedCipherSuites();
     private static final Set<String> FIPS_SUPPORTED_PROTOCOLS = createFipsSupportedProtocols();