RFR: 8373426: Remove ffdhe6144 and ffdhe8192 from default list of TLS named groups

Sean Mullan mullan at openjdk.org
Thu Feb 5 18:32:11 UTC 2026


On Wed, 4 Feb 2026 23:10:57 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> > other groups will always be negotiated before them since they are at the end of the list.
> 
> I don't think we can come to this conclusion. Per the TLS specification, being at the end of the list does not mean it will not be used. That's the reason why the specification is defined so. Otherwise, just one entry is fine.

These extremely large groups should really be opt-in as they are almost never used in practice and require additional resources to process, so the server should opt in. I have found no evidence of them being used anywhere - do you have any references? In general, DHE groups and cipher suites are becoming legacy and I expect the JDK to eventually deprecate more of them as we move forward in the next few years.

The CSR's purpose is to document compatibility risk.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/29577#issuecomment-3855431753


