RFR: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket [v2]
Artur Barashev
abarashev at openjdk.org
Wed Dec 24 04:40:56 UTC 2025
> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>
> For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
> promote interoperability, efficiency, and simplicity of design.
>
> Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.
Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
- Make GCM IV a constant. Update copyright year.
- Merge branch 'master' into JDK-8374317
- 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/28971/files
- new: https://git.openjdk.org/jdk/pull/28971/files/72921697..31f7362c
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=28971&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=28971&range=00-01
Stats: 77800 lines in 1632 files changed: 49160 ins; 19561 del; 9079 mod
Patch: https://git.openjdk.org/jdk/pull/28971.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/28971/head:pull/28971
PR: https://git.openjdk.org/jdk/pull/28971
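The quoted rationale (a 96-bit GCM IV, which avoids the extra GHASH pass that a 16-byte IV needs) applied to a small ticket seal/open helper, as an added illustration in plain JCE and not code from the JDK's SSLSessionContext or this PR; the class and constant names are assumptions, and the ticket contents and AAD are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class TicketGcmExample {
    // 96-bit IV: the length NIST SP 800-38D recommends, and the one that needs no GHASH of the IV
    static final int GCM_IV_LENGTH = 12;
    static final int GCM_TAG_BITS = 128;      // authentication tag length in bits
    private static final SecureRandom RNG = new SecureRandom();

    // Returns iv || ciphertext || tag. The IV is random per ticket: an IV reused under the same
    // key breaks GCM's confidentiality and integrity, so the IV must never be fixed or repeated.
    static byte[] seal(SecretKey key, byte[] aad, byte[] plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_LENGTH];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(aad);                      // bind unencrypted context (e.g. a key id) to the tag
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the 12-byte IV back off the front of the ticket; doFinal throws AEADBadTagException
    // if the ciphertext, tag or AAD was modified.
    static byte[] open(SecretKey key, byte[] aad, byte[] sealed) throws Exception {
        if (sealed.length < GCM_IV_LENGTH + GCM_TAG_BITS / 8) {
            throw new IllegalArgumentException("ticket too short");
        }
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, sealed, 0, GCM_IV_LENGTH));
        c.updateAAD(aad);
        return c.doFinal(sealed, GCM_IV_LENGTH, sealed.length - GCM_IV_LENGTH);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] aad = "ticket-key-id:1".getBytes(StandardCharsets.UTF_8);        // constructed
        byte[] state = "constructed session state".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = seal(key, aad, state);
        System.out.println("round trip ok: " + Arrays.equals(open(key, aad, sealed), state));
        sealed[sealed.length - 1] ^= 1;        // flip one tag bit to show integrity failure
        try { open(key, aad, sealed); } catch (AEADBadTagException e) { System.out.println("tamper detected"); }
    }
}
```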