[Bug 2250] JSSE server is still limited to 768-bit DHE
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Mon Mar 2 16:27:01 UTC 2015
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2250
--- Comment #5 from Andrew Haley <aph at redhat.com> ---
(In reply to Andrew John Hughes from comment #4)
> I know, that's why I said we wouldn't use the default settings in this
> patch. If we instead set useLegacyEphemeralDHKeys to true by default (the
> patch sets it to false), we would get the same key size as at present i.e.
The problem is that it's not possible to get a larger key size without changing
the default; and doing that can break some other program running elsewhere in
an app server. It's the same problem with upgrading to a newer JVM, but some
compatibility problems might be expected in that case. Not for a minor change
in a legacy VM.
> Different behaviour would only occur if the user expicitly set
> jdk.tls.ephemeralDHKeySize.
Yes.
> No-one is suggesting this would be an IcedTea-only change.
Good.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150302/b0a0042c/attachment.html>
More information about the distro-pkg-dev
mailing list