RFR: 8373426: Remove ffdhe6144 and ffdhe8192 from default list of TLS named groups [v2]
Kirill Shirokov
kshiroko at openjdk.org
Fri Feb 6 01:16:20 UTC 2026
> Removed FFDHE_6144 and FFHDE_8192 from the default list of TLS named groups, so now to consider them as candidates in TLS handshake user has to enable them explicitly (e.g. `-Djdk.tls.namedGroups=ffdhe6144,ffhde8192`)
>
> Tested on Linux x64/aarch64, MacOS aarch64, Windows x64 using jtreg `test/jdk/sun/security/ssl` and `test/jdk/javax/net/ssl`.
>
> [tests-linux-aarch64.log](https://github.com/user-attachments/files/25080233/tests-linux-aarch64.log)
> [tests-linux-x86.log](https://github.com/user-attachments/files/25080235/tests-linux-x86.log)
> [tests-macos-aarch64.log](https://github.com/user-attachments/files/25080236/tests-macos-aarch64.log)
> [tests-windows-x64.log](https://github.com/user-attachments/files/25080237/tests-windows-x64.log)
Kirill Shirokov has updated the pull request incrementally with one additional commit since the last revision:
Added new bug reference to test/jdk/sun/security/ssl/DHKeyExchange/UseStrongDHSizes.java
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/29577/files
- new: https://git.openjdk.org/jdk/pull/29577/files/86ff15b8..8930f189
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=29577&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=29577&range=00-01
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/29577.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/29577/head:pull/29577
PR: https://git.openjdk.org/jdk/pull/29577
More information about the security-dev
mailing list