RFR: 8373426: Remove ffdhe6144 and ffdhe8192 from default list of TLS named groups
Xue-Lei Andrew Fan
xuelei at openjdk.org
Wed Feb 4 23:13:32 UTC 2026
On Wed, 4 Feb 2026 22:59:29 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> other groups will always be negotiated before them since they are at the end of the list.
I don't think we can come to this conclusion. Per TLS specification, at the end of the list, does not mean it will not be used. That's the reason why the specification is defined so. Otherwise, just one entry is fine.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/29577#issuecomment-3850200982
More information about the security-dev
mailing list