RFR: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket [v2]
Anthony Scarpino
ascarpino at openjdk.org
Wed Dec 24 18:37:56 UTC 2025
On Wed, 24 Dec 2025 04:40:56 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>>
>> For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
>> promote interoperability, efficiency, and simplicity of design.
>>
>> Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.
>
> Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - Make GCM IV a constant. Update copyright year.
> - Merge branch 'master' into JDK-8374317
> - 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket
Marked as reviewed by ascarpino (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/28971#pullrequestreview-3611453014
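The "extra hashing step" in the PR description is the derivation of GCM's pre-counter block J0 (NIST SP 800-38D, section 7.1, step 2 of the authenticated-encryption algorithm). The following is an added example, not part of this thread or of the OpenJDK change: a pure-Python GF(2^128) multiply and GHASH, used to show that a 96-bit IV is turned into J0 by concatenation alone, while any other length (the 16 bytes the JDK used before this change) costs a GHASH pass over the IV. AES itself is not implemented here; the hash subkey H and the one-block check value are taken from the GCM specification's published test case 2 (zero key, zero IV), and the function and constant names are this example's own.

```python
"""Why a 96-bit GCM IV skips GHASH: J0 derivation per NIST SP 800-38D.

Added example. AES is not implemented; H below is AES_K(0^128) for the
all-zero key, copied from the GCM spec's test case 2 rather than computed.
"""

BLOCK = 16
R = 0xE1 << 120  # reduction constant from SP 800-38D: 11100001 || 0^120


def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128) using GCM's bit ordering
    (bit 0 of a block is the most significant bit of its first byte)."""
    z = 0
    v = y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def _pad(data: bytes) -> bytes:
    """Zero-pad to a multiple of the 16-byte block size."""
    return data + b"\x00" * (-len(data) % BLOCK)


def ghash(h: bytes, aad: bytes, ct: bytes) -> bytes:
    """GHASH_H over A || pad || C || pad || [len(A)]_64 || [len(C)]_64."""
    hk = int.from_bytes(h, "big")
    y = 0
    for buf in (_pad(aad), _pad(ct)):
        for i in range(0, len(buf), BLOCK):
            y = gf_mult(y ^ int.from_bytes(buf[i:i + BLOCK], "big"), hk)
    lengths = (len(aad) * 8).to_bytes(8, "big") + (len(ct) * 8).to_bytes(8, "big")
    y = gf_mult(y ^ int.from_bytes(lengths, "big"), hk)
    return y.to_bytes(BLOCK, "big")


def derive_j0(h: bytes, iv: bytes) -> tuple:
    """Return (J0, ghash_used) for the given hash subkey and IV.

    A 96-bit IV gives J0 = IV || 0^31 || 1 with no field arithmetic at all.
    Any other length requires GHASH_H(IV || 0^(s+64) || [len(IV)]_64), which
    is exactly ghash(h, b"", iv): one block multiply per 16 bytes of IV plus
    one for the length block.
    """
    if len(iv) == 12:
        return iv + b"\x00\x00\x00\x01", False
    return ghash(h, b"", iv), True


# Hash subkey from GCM spec test case 2 (constructed input for the demo).
H_TEST = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")

if __name__ == "__main__":
    for iv in (bytes(12), bytes(16)):
        j0, hashed = derive_j0(H_TEST, iv)
        print(f"{len(iv):2d}-byte IV -> J0={j0.hex()} ghash_used={hashed}")
```

In JCE the IV length is simply the length of the byte array handed to `GCMParameterSpec(tLen, iv)`, so the provider takes the concatenation path only when that array is 12 bytes long; pinning the length in a named constant, as the PR does, keeps the session-ticket code on that path.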