Bug ID: JDK-6956398 make ephemeral DH key match the length of the certificate key

JDK-6956398 : make ephemeral DH key match the length of the certificate key

Type: Enhancement
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 6,7,8

Priority: P2
Status: Closed
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2010-05-27
Updated: 2017-05-16
Resolved: 2013-10-08

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7	JDK 8	Other
6u101Resolved	7u85Resolved	8 b112Fixed	openjdk7uFixed

Related Reports

Relates :	JDK-8173849 - [TEST] Fix use of java.util.Base64 in test cases
Relates :	JDK-6521495 - Lift 1024-bit long prime restriction on Diffie-Hellman
Relates :	JDK-7044060 - Need to support NSA Suite B Cryptography algorithms

Description

Need to make ephemeral DH key in TLS handshaking match the length of the certificate key.

Comments

Marking this as verified based on regression test results on jdk 8 b116-b129

24-02-2014

JDK-7044060 has been addressed to support DH keys greater then 1024. Need to address this CR as soon as possible.

11-12-2012

EVALUATION Depends on CR 6521495.

19-07-2010