RFR: 8373426: Remove ffdhe6144 and ffdhe8192 from default list of TLS named groups

Mikhail Yankelevich myankelevich at openjdk.org
Thu Feb 5 15:16:53 UTC 2026


On Wed, 4 Feb 2026 19:29:02 GMT, Kirill Shirokov <kshiroko at openjdk.org> wrote:

> Removed FFDHE_6144 and FFDHE_8192 from the default list of TLS named groups, so now, to consider them as candidates in a TLS handshake, the user has to enable them explicitly (e.g. `-Djdk.tls.namedGroups=ffdhe6144,ffdhe8192`).
> 
> Tested on Linux x64/aarch64, MacOS aarch64, Windows x64 using jtreg `test/jdk/sun/security/ssl` and `test/jdk/javax/net/ssl`.
> 
> [tests-linux-aarch64.log](https://github.com/user-attachments/files/25080233/tests-linux-aarch64.log)
> [tests-linux-x86.log](https://github.com/user-attachments/files/25080235/tests-linux-x86.log)
> [tests-macos-aarch64.log](https://github.com/user-attachments/files/25080236/tests-macos-aarch64.log)
> [tests-windows-x64.log](https://github.com/user-attachments/files/25080237/tests-windows-x64.log)

test/jdk/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java line 31:

> 29: /*
> 30:  * @test
> 31:  * @bug 8140436

Could you please add an ID to `@bug`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29577#discussion_r2769680278


