Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit

XMLWordPrintable

    • Type: Backport
    • Resolution: Delivered
    • Priority: P3
    • 7u401
    • Affects Version/s: 7u401, 8u391, 11.0.21-oracle, 17.0.9-oracle, 21
    • Component/s: security-libs

      The JDK implementation of TLS 1.2 now uses a default Diffie Hellman keysize of 2048 bits when a TLS_DHE cipher suite is negotiated.

      As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own risk).

            Assignee:
            Marc Palmerjohnson
            Reporter:
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: