JDK-8302171 : Release Note: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 7u401, 8u391, 11.0.21-oracle, 17.0.9-oracle, 21
  • Priority: P3
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2023-02-09
  • Updated: 2023-05-23
  • Resolved: 2023-02-15
Version table (release in which this issue is addressed):

  Release          Status
  7u401            Resolved
  8u391            Resolved
  11.0.21-oracle   Resolved
  17.0.9-oracle    Resolved
  21               Resolved
Description
The JDK implementation of TLS 1.2 now uses a default Diffie-Hellman (DH) key size of 2048 bits when a TLS_DHE cipher suite is negotiated and either the client or the server does not support FFDHE (the named finite-field DH groups of RFC 7919, through which the peers can negotiate a stronger group). Previously the default for this non-FFDHE path was 1024 bits. The JDK TLS implementation supports FFDHE and enables it by default, so the new default only takes effect when the peer does not offer FFDHE groups.

As a workaround, users can revert to the previous size by setting the `jdk.tls.ephemeralDHKeySize` system property to 1024 (for example `-Djdk.tls.ephemeralDHKeySize=1024`), at their own risk: 1024-bit DH groups are considered weak, and this property has no effect on connections where an FFDHE group has been negotiated.
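Whether a peer is still sending a 1024-bit group can be checked directly from the handshake: for a TLS 1.2 DHE suite the server's chosen prime travels in the clear in the ServerKeyExchange message (RFC 5246 section 7.4.3, ServerDHParams). The following is an added example, not code from the JDK or from this release note; it parses one complete ServerKeyExchange handshake message, reports the bit length of the prime, and flags anything below the new JDK default. The sample parameters it builds are constructed stand-ins for exercising the encoding, not real DH groups.

```python
# Added example (not JDK code): inspect the DH group a TLS 1.2 server chose
# for a DHE cipher suite by parsing its ServerKeyExchange message.
#
# Input format (RFC 5246): Handshake = type(1 byte, 12 = server_key_exchange)
# + length(3 bytes) + body, where body = ServerDHParams followed, for signed
# suites such as DHE_RSA, by the server's signature. ServerDHParams is three
# 2-byte-length-prefixed big-endian integers: dh_p, dh_g, dh_Ys.

JDK_DEFAULT_DH_BITS = 2048  # the new JDK default for the non-FFDHE path
SERVER_KEY_EXCHANGE = 12    # HandshakeType.server_key_exchange


def encode_dh_params(p: int, g: int, ys: int) -> bytes:
    """Encode ServerDHParams as three length-prefixed opaque values."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def build_server_key_exchange(p: int, g: int, ys: int, signature: bytes = b"") -> bytes:
    """Wrap ServerDHParams (plus an optional signature blob) in a Handshake header."""
    body = encode_dh_params(p, g, ys) + signature
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def parse_dhe_server_key_exchange(handshake: bytes) -> dict:
    """Parse one ServerKeyExchange handshake message and describe its DH group."""
    if len(handshake) < 4:
        raise ValueError("truncated Handshake header")
    if handshake[0] != SERVER_KEY_EXCHANGE:
        raise ValueError(f"not a ServerKeyExchange (handshake type {handshake[0]})")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerKeyExchange body")

    fields = {}
    off = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"missing length prefix for {name}")
        n = int.from_bytes(body[off:off + 2], "big")
        off += 2
        if off + n > len(body):
            raise ValueError(f"truncated {name}")
        fields[name] = int.from_bytes(body[off:off + n], "big")
        off += n

    p, g, ys = fields["dh_p"], fields["dh_g"], fields["dh_Ys"]
    return {
        "p_bits": p.bit_length(),
        "g": g,
        "ys_in_range": 1 < ys < p - 1,      # public-value check from RFC 7919 section 5.1
        "trailing_bytes": len(body) - off,  # signature for DHE_RSA/DHE_DSS, 0 for DH_anon
    }


def assess(info: dict) -> str:
    """Classify a parsed ServerKeyExchange against the JDK default group size."""
    if not info["ys_in_range"]:
        return "reject: server public value outside (1, p-1)"
    if info["p_bits"] < 1024:
        return f"reject: {info['p_bits']}-bit DH prime"
    if info["p_bits"] < JDK_DEFAULT_DH_BITS:
        return (f"weak: {info['p_bits']}-bit DH prime, below the JDK default of "
                f"{JDK_DEFAULT_DH_BITS}")
    return f"ok: {info['p_bits']}-bit DH prime"


# Constructed sample moduli (NOT real DH groups, just odd values of the right
# size) used to show the old 1024-bit default beside the new 2048-bit one.
SAMPLE_P_2048 = (1 << 2047) | 1
SAMPLE_P_1024 = (1 << 1023) | 1
SAMPLE_G = 2


def demo() -> dict:
    """Build and assess a ServerKeyExchange for each sample group size."""
    results = {}
    for p in (SAMPLE_P_2048, SAMPLE_P_1024):
        ys = pow(SAMPLE_G, 12345, p)  # stand-in server public value
        message = build_server_key_exchange(p, SAMPLE_G, ys)
        results[p.bit_length()] = assess(parse_dhe_server_key_exchange(message))
    return results


if __name__ == "__main__":
    for bits, verdict in demo().items():
        print(f"{bits}-bit sample: {verdict}")
```

To feed real data to `parse_dhe_server_key_exchange`, extract the ServerKeyExchange handshake message from a packet capture of a TLS 1.2 DHE handshake (it is unencrypted). As a quicker cross-check without parsing anything, `openssl s_client -tls1_2 -cipher DHE -connect host:443` prints a line of the form `Server Temp Key: DH, 2048 bits` for the negotiated group, and a JDK client started with `-Djavax.net.debug=ssl:handshake` logs the parameters it received.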

This change does not affect TLS 1.3, which only uses the named finite-field groups of RFC 7919, the smallest of which is already 2048 bits (ffdhe2048).