RFR: 8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit

Xue-Lei Andrew Fan xuelei at openjdk.org
Fri Feb 10 22:05:28 UTC 2023


On Thu, 9 Feb 2023 20:59:37 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Please review this change to increase the default Diffie-Hellman group size used in the key exchange method of TLS_DHE cipher suites from 1024-bit to 2048-bit. This issue does not affect TLS 1.3 as the minimum DH group size is 2048 bits.
> 
> See the CSR for more details on the rationale for this change and the expected compatibility risk (low).

Looks good to me. And thanks for the wordsmithing.

-------------

Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12502


