[JDK-8302171] Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit - Java Bug System

XML

Word

Printable

Details

Type: Sub-task
Status: Resolved
Priority: P3
Resolution: Delivered
Affects Version/s: 7u401, 8u391, 11.0.21-oracle, 17.0.9-oracle, 21
Fix Version/s: 21
Component/s: security-libs
Labels:
- release-note

Subcomponent:
javax.net.ssl

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution
JDK-8308674	17.0.9-oracle	Marc Palmerjohnson	P3	Resolved	Delivered
JDK-8308673	11.0.21-oracle	Marc Palmerjohnson	P3	Resolved	Delivered
JDK-8308677	8u391	Marc Palmerjohnson	P3	Resolved	Delivered
JDK-8308676	7u401	Marc Palmerjohnson	P3	Resolved	Delivered

Description

The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or server does not support FFDHE, which can negotiate a stronger keysize. The JDK TLS implementation supports FFDHE and it is enabled by default.

As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).

This change does not affect TLS 1.3 as the minimum DH group size is already 2048 bits.

Attachments

Issue Links

backported by

JDK-8308673 Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

Resolved

JDK-8308674 Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

Resolved

JDK-8308676 Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

Resolved

JDK-8308677 Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

Resolved

Activity

People

Assignee:: Sean Mullan

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-02-09 12:02

Updated:: 2023-05-23 07:17

Resolved:: 2023-02-15 05:31