RFR: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket
Artur Barashev
abarashev at openjdk.org
Wed Dec 24 14:08:54 UTC 2025
On Wed, 24 Dec 2025 02:44:11 GMT, Bernd <duke at openjdk.org> wrote:
> Hm, if there are no test changes needed, we might need to add some. Should we dynamically accept 12-16 byte IVs? Not sure why the mail talked about 96 bits for MAC as well, but I think even NIST prefers 128 (in fact that's a major weakness going forward that it's limited to the block size).
We already have unit tests that test stateless session resumption, `ResumeChecksServerStateless.java` for example. Not sure if there is any practical way to actually test that the IV size is 12 and GCM's internal extra hashing step doesn't happen.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/28971#issuecomment-3689857202
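The "extra hashing step" mentioned above is the GHASH pass that GCM runs over any IV that is not 96 bits long (NIST SP 800-38D, step 2 of the authenticated encryption function); a 12-byte IV is used directly as the counter block prefix. The following Python is an added illustration, not part of this thread or of the JDK code: it models that J0 derivation and reports how many GHASH blocks each IV length costs. The hash subkey value is constructed for the example (in real GCM it is H = AES_K(0^128)).

```python
# Added example (not JDK code): the GCM J0 derivation from NIST SP 800-38D,
# showing why a 96-bit IV skips the GHASH pass every other IV length needs.
from typing import Tuple

R = 0xE1 << 120   # reduction constant of GF(2^128) in GCM's bit ordering
ONE = 1 << 127    # the field element "1" in GCM's reflected representation


def gf_mult(x: int, y: int) -> int:
    """Multiply two GF(2^128) elements (SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H over a whole number of 16-byte blocks."""
    assert len(data) % 16 == 0
    hk = int.from_bytes(h, "big")
    y = 0
    for i in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[i:i + 16], "big"), hk)
    return y.to_bytes(16, "big")


def derive_j0(h: bytes, iv: bytes) -> Tuple[bytes, int]:
    """Return (J0, number of GHASH blocks processed) for the given IV.

    h is the GCM hash subkey; in real GCM it is H = AES_K(0^128).
    """
    if len(iv) == 12:
        # 96-bit IV: J0 = IV || 0^31 || 1, no GHASH involved.
        return iv + b"\x00\x00\x00\x01", 0
    # Any other length: pad the IV to a block boundary, append 64 zero bits
    # and the IV length in bits, then GHASH the result (the extra step).
    pad = (-len(iv)) % 16
    data = iv + b"\x00" * pad + b"\x00" * 8 + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, data), len(data) // 16


if __name__ == "__main__":
    h = bytes(range(1, 17))  # constructed sample subkey, not derived from a key
    for n in (12, 16):
        j0, blocks = derive_j0(h, bytes(n))
        print(f"{n}-byte IV: J0={j0.hex()} GHASH blocks={blocks}")
```

For a 16-byte IV the derivation always costs two GHASH block multiplications before the first counter block exists, which is the work a 12-byte IV avoids.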