RFR: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket
Koushik Muthukrishnan Thirupattur
duke at openjdk.org
Wed Dec 24 01:58:57 UTC 2025
On Wed, 24 Dec 2025 00:40:05 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>
> For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
> promote interoperability, efficiency, and simplicity of design.
>
> Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.
Marked as reviewed by koushikthirupattur at github.com (no known OpenJDK username).
-------------
PR Review: https://git.openjdk.org/jdk/pull/28971#pullrequestreview-3609719024