Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8308676

Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

    XMLWordPrintable

Details

    • Backport
    • Status: Resolved
    • P3
    • Resolution: Delivered
    • 7u401, 8u391, 11.0.21-oracle, 17.0.9-oracle, 21
    • 7u401
    • security-libs

    Description

      The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated.

      As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).

      Attachments

        Issue Links

          Activity

            People

              mpalmerj Marc Palmerjohnson
              mullan Sean Mullan
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: