RFR: 8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
Xue-Lei Andrew Fan
xuelei at openjdk.org
Fri Feb 10 22:05:28 UTC 2023
On Thu, 9 Feb 2023 20:59:37 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> Please review this change to increase the default Diffie-Hellman group size used in the key exchange method of TLS_DHE cipher suites from 1024-bit to 2048-bit. This issue does not affect TLS 1.3 as the minimum DH group size is 2048 bits..
>
> See the CSR for more details on the rationale for this change and the expected compatibility risk (low).
Looks good to me. And thanks for the word smithing.
-------------
Marked as reviewed by xuelei (Reviewer).
PR: https://git.openjdk.org/jdk/pull/12502
More information about the security-dev
mailing list