-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P3
-
Affects Version/s: 7u401, 8u391, 11.0.21-oracle, 17.0.9-oracle, 21
-
Component/s: security-libs
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8308674 | 17.0.9-oracle | Marc Palmerjohnson | P3 | Resolved | Delivered | |
| JDK-8308673 | 11.0.21-oracle | Marc Palmerjohnson | P3 | Resolved | Delivered | |
| JDK-8308677 | 8u391 | Marc Palmerjohnson | P3 | Resolved | Delivered | |
| JDK-8308676 | 7u401 | Marc Palmerjohnson | P3 | Resolved | Delivered |
The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.
As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).
This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).
This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-