Integrated: 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

Artur Barashev abarashev at openjdk.org
Fri Jan 2 13:31:14 UTC 2026


On Wed, 24 Dec 2025 00:40:05 GMT, Artur Barashev <abarashev at openjdk.org> wrote:

> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
> 
> For IVs, it is recommended that implementations restrict support to the length of 96 bits, to
> promote interoperability, efficiency, and simplicity of design.
> 
> Larger IV size requires an extra hashing step (GHASH). Currently we have it set to 16 bytes.

This pull request has now been integrated.

Changeset: 34395124
Author:    Artur Barashev <abarashev at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/34395124018c434b0bad534cb6f85452466fd404
Stats:     4 lines in 1 file changed: 1 ins; 0 del; 3 mod

8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

Reviewed-by: djelinski, mpowers, ascarpino

-------------

PR: https://git.openjdk.org/jdk/pull/28971
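
The extra GHASH step mentioned in the quoted description, worked through as an added example (not code from the JDK change or from the message author): it derives the GCM pre-counter block J0 per NIST SP 800-38D for a 12-byte and a 16-byte IV and counts the GF(2^128) multiplications each needs. The class name `GcmJ0Demo`, its method names, and the key and IV values are assumptions made for the illustration.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class GcmJ0Demo { // hypothetical class name, illustration only
    // Reduction constant R = 11100001 || 0^120 (SP 800-38D, section 6.3).
    static final BigInteger R = BigInteger.valueOf(0xE1).shiftLeft(120);
    static int multiplications; // GF(2^128) multiplications spent on the IV

    // Multiply two blocks in GF(2^128); GCM bit 0 is the integer's bit 127.
    static BigInteger gfMul(BigInteger x, BigInteger y) {
        BigInteger z = BigInteger.ZERO, v = y;
        for (int i = 127; i >= 0; i--) {
            if (x.testBit(i)) z = z.xor(v);
            v = v.testBit(0) ? v.shiftRight(1).xor(R) : v.shiftRight(1);
        }
        multiplications++;
        return z;
    }

    // Pre-counter block J0 as defined in SP 800-38D, Algorithm 4, step 2.
    static byte[] j0(byte[] key, byte[] iv) throws Exception {
        if (iv.length == 12) // 96-bit IV: J0 = IV || 0^31 || 1, no hashing
            return ByteBuffer.allocate(16).put(iv).putInt(1).array();
        // Hash subkey H = AES_K(0^128): one raw block-cipher call, hence ECB.
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        BigInteger h = new BigInteger(1, aes.doFinal(new byte[16]));
        // GHASH input: IV zero-padded to a block boundary || 0^64 || [len(IV)]_64.
        int padded = (iv.length + 15) / 16 * 16;
        byte[] in = ByteBuffer.allocate(padded + 16).put(iv)
                .putLong(padded + 8, 8L * iv.length).array();
        BigInteger y = BigInteger.ZERO;
        for (int off = 0; off < in.length; off += 16)
            y = gfMul(y.xor(new BigInteger(1, Arrays.copyOfRange(in, off, off + 16))), h);
        return ByteBuffer.allocate(16).putLong(y.shiftRight(64).longValue())
                .putLong(y.longValue()).array();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed sample key (all zero), demo only
        for (int len : new int[] {12, 16}) {
            byte[] iv = new byte[len];
            Arrays.fill(iv, (byte) 0xA5); // constructed sample IV, not random
            multiplications = 0;
            String hex = String.format("%032x", new BigInteger(1, j0(key, iv)));
            System.out.println(len + "-byte IV: J0=" + hex + ", GF multiplications=" + multiplications);
        }
    }
}
```

With the 12-byte IV the counter block is the IV followed by a 32-bit counter of 1 and no field multiplication is performed; the 16-byte IV costs one multiplication for the IV block and one for the length block.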

