RFR: 8373426: Remove ffdhe6144 and ffdhe8192 from default list of TLS named groups
Sean Mullan
mullan at openjdk.org
Wed Feb 4 21:39:01 UTC 2026
On Wed, 4 Feb 2026 21:07:12 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> any bad to keep them? I did not get the idea to take the compatibility risks.
Why are they needed by default? AFAIK nobody ever uses them and other groups will always be negotiated before them since they are at the end of the list. No other TLS impl that we know of includes these groups by default.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/29577#issuecomment-3849863157
More information about the security-dev
mailing list