RFR: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

Artur Barashev abarashev at openjdk.org
Wed Dec 24 00:48:15 UTC 2025


12 bytes is the recommended size for GCM per NIST SP 800-38D:

"For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
promote interoperability, efficiency, and simplicity of design."

Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.

-------------

Commit messages:
 - 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

Changes: https://git.openjdk.org/jdk/pull/28971/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=28971&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8374317
  Stats: 3 lines in 1 file changed: 1 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/28971.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28971/head:pull/28971

PR: https://git.openjdk.org/jdk/pull/28971

