DH Key sizes (again)
Bernd
ecki at zusammenkunft.net
Tue Mar 24 11:28:24 UTC 2015
Hello,
it is good to see Java 8 support EDH with 1024 and 2048 bit keys. However
it is still a problem that there is no negotiation in the TLS handshake and
so a flexible client should be able to accept different key siztes. Apache
since 2.4.7 sends 2048/3072 and 4096. And starting with 2.4.10 it sends
even 6k and 8k (standard) primes.
I see a comment in the source that the DH provider needs to be improved to
actually handle those. So I wonder if there are any plans for this? Is
there a good way to request it? Would filing a RFE on bugreport.java.com be
the right place?
Gruss
Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150324/c4643402/attachment.htm>
More information about the security-dev
mailing list