From 2dbc9173e214d6e3731b398a42a5b0833c64ff69 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Tue, 14 Nov 2023 13:18:12 +0700
Subject: Mark RSA key exchange cipher suites to be removed from default list
---
 crypto/src/tls/DefaultTlsClient.cs | 2 ++
 crypto/src/tls/DefaultTlsServer.cs | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/crypto/src/tls/DefaultTlsClient.cs b/crypto/src/tls/DefaultTlsClient.cs
index 32c99f393..e28128f94 100644
--- a/crypto/src/tls/DefaultTlsClient.cs
+++ b/crypto/src/tls/DefaultTlsClient.cs
@@ -30,6 +30,8 @@ namespace Org.BouncyCastle.Tls
 CipherSuite.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
 CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+
+ // TODO[api] Remove RSA key exchange cipher suites from default list
 CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
 CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
 CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
diff --git a/crypto/src/tls/DefaultTlsServer.cs b/crypto/src/tls/DefaultTlsServer.cs
index 9e6d40439..38be5fa67 100644
--- a/crypto/src/tls/DefaultTlsServer.cs
+++ b/crypto/src/tls/DefaultTlsServer.cs
@@ -34,6 +34,8 @@ namespace Org.BouncyCastle.Tls
 CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
 CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+
+ // TODO[api] Remove RSA key exchange cipher suites from default list
 CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
 CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
 CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
-- cgit 1.4.1
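Review bot: The new `// TODO[api]` comment in DefaultTlsClient.cs, and the identical one in DefaultTlsServer.cs, records the intent but not the reason, and the `TLS_RSA_WITH_*` entries below it stay in the default list. Static RSA key exchange provides no forward secrecy and RFC 9325 advises against negotiating it, so I would say so in the comment, e.g. `// TODO[api] Remove RSA key exchange cipher suites from default list (no forward secrecy, see RFC 9325 section 4.1)`. Until the removal lands, a peer that offers only these suites can presumably still negotiate one under default settings, so deployments that require forward secrecy should supply their own suite list. The array initializer starts and ends outside both hunks, so the full default list is not visible here.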