DH Key sizes (again)
Sean Mullan
sean.mullan at oracle.com
Thu Mar 26 19:32:36 UTC 2015
Hi Bernd,
On 03/24/2015 07:28 AM, Bernd wrote:
> Hello,
>
> it is good to see Java 8 support EDH with 1024 and 2048 bit keys.
> However it is still a problem that there is no negotiation in the TLS
> handshake and so a flexible client should be able to accept different
> key siztes. Apache since 2.4.7 sends 2048/3072 and 4096. And starting
> with 2.4.10 it sends even 6k and 8k (standard) primes.
>
> I see a comment in the source that the DH provider needs to be improved
> to actually handle those. So I wonder if there are any plans for this?
> Is there a good way to request it? Would filing a RFE on
> bugreport.java.com <http://bugreport.java.com> be the right place?
There is currently an open issue for this:
https://bugs.openjdk.java.net/browse/JDK-8072452
Let me look into what our plans are for this and get back to you. I
agree it is important to resolve.
--Sean
More information about the security-dev
mailing list