[Bug 2528] JSSE server still defaults to 768-bit DHE

bugzilla-daemon at icedtea.classpath.org
Wed Jul 15 07:48:09 UTC 2015


http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2528

--- Comment #2 from Tomas Hoger <thoger at redhat.com> ---
According to Oracle JDK release notes, Oracle JDK 6u101 and 7u85 change the
default DH size from 768 to 1024, and also add jdk.tls.ephemeralDHKeySize
property support.

Quoting from Oracle JDK release notes:

Support stronger strength ephemeral DH keys in the SunJSSE provider

The ephemeral DH key size now defaults to 1024 bits during SSL/TLS handshaking
in the SunJSSE provider. A new system property, "jdk.tls.ephemeralDHKeySize",
is defined to customize the ephemeral DH key sizes. This can be set to "legacy"
if the older JDK behavior (DH keysize of 768 bits) is desired. The DH key size
for exportable ciphersuites remains at 512 bits.

See JDK-8081080 (not public).

http://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html

Noting here as bug 2487 remains private and has few details.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
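
To confirm which ephemeral DH size a running JSSE server actually presents after an update, the sketch below parses the `Server Temp Key` line of `openssl s_client` output and sorts it against the 512/768/1024-bit sizes named in the release note. It is an added example, not part of the bug comment or of IcedTea; the function names and the sample output are constructed, and it assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example (not from the bug report): report the ephemeral DH size a
# TLS server presents. Sizes come from the release note quoted above:
#   512 = exportable suites, 768 = old ("legacy") default, 1024 = new default.

# Read `openssl s_client` output on stdin and print the finite-field DH size.
# Prints nothing if no such key was reported (no DHE suite negotiated, or the
# client aborted the handshake before printing the line).
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# Map a bit count to the cases described in the release note.
classify_dh() {
    case "$1" in
        '')       echo "none" ;;
        *[!0-9]*) echo "invalid" ;;
        *)
            if   [ "$1" -le 512 ];  then echo "export-size"
            elif [ "$1" -lt 1024 ]; then echo "below-1024"
            else                         echo "1024-or-more"
            fi ;;
    esac
}

# Live check against a server you operate. Usage: audit_dh host:port
# Restricts the offer to DHE suites so the server must send DH parameters.
audit_dh() {
    bits=$(openssl s_client -connect "$1" -cipher 'DHE' </dev/null 2>/dev/null | dh_bits)
    echo "$1 ${bits:-none} $(classify_dh "$bits")"
}

# Constructed sample: s_client output from a server still on the old default.
SAMPLE_LEGACY='New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server Temp Key: DH, 768 bits
---'

# Constructed sample: an ECDHE handshake, which carries no finite-field DH key.
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits'
```

A result of `none` from `audit_dh` does not by itself show that DHE is disabled: OpenSSL builds that refuse small DH groups abort the handshake without printing the line, so check the client's error output in that case.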