JDK-8297228 : Out-of-date docs for jdk.tls.ephemeralKeySize property
  • Type: Bug
  • Component: docs
  • Sub-Component: guides
  • Affected Version: 8-pool,11-pool,17-pool,20
  • Priority: P4
  • Status: In Progress
  • Resolution: Unresolved
  • Submitted: 2022-11-17
  • Updated: 2022-12-16
Description
https://docs.oracle.com/en/java/javase/19/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-D9B216E8-3EFC-4882-B76E-17A87D8F2F9D says the value can be:

"A valid integer between 1024 and 2048, inclusively: A fixed ephemeral DH key size of the specified value, in bits, will be used for non-exportable cipher suites."

It should be:

"A valid integer between 1024 and 8192 in multiples of 64, inclusively: A fixed ephemeral DH key size of the specified value, in bits, will be used for non-exportable cipher suites."

The same text should be placed in the Integer value (fixed) of the 2nd row of the table below it.

There is a typo in the paragraph above the table: s/summaries/summarizes/

This section also does not discuss the effects on this property when the jsse.enableFFDHE property is not set (or set to true) on the client. When FFDHE is enabled, the jdk.tls.ephemeralKeySize property is ignored under certain conditions and a named group is instead used. Will need to provide more text for this later.