Bug ID: JDK-8302577 Update JSSE Guide for JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit

JDK-8302577 : Update JSSE Guide for JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit

Type: Enhancement
Component: docs
Sub-Component: guides
Affected Version: 21

Priority: P4
Status: Resolved
Resolution: Delivered

Submitted: 2023-02-15
Updated: 2023-10-17
Resolved: 2023-07-18

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 17	JDK 21	JDK 8
11.0.21-oracleResolved	17.0.9-oracleResolved	21Resolved	8u401Fixed

Related Reports

Relates :	JDK-8301700 - Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
Relates :	JDK-8305977 - Incomplete JSSE docs for FFDHE

Description

- Table 8-3, the default for jdk.tls.ephemeralDHKeySize should be changed to 2048 bits. 

- In the "Customizing Size of Ephemeral Diffie-Hellman Keys" section, the default should be changed to 2048 bits in a few places and in Table 8.4.

Comments

[11u-na, 17u-na] Docs not maintained in-the-open.

13-10-2023