JDK-8330108 : Increase CipherInputStream buffer size
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 17,21,22,23
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-04-11
  • Updated: 2025-08-07
  • Resolved: 2024-04-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 23
23 b20Fixed
Related Reports
Relates :  
JDK-8298249 - Excessive memory allocation in CipherInputStream AEAD decryption
Sub Tasks
JDK-8330632 :  
Release Note: Increase `CipherInputStream` Buffer Size - Closed
Description
CipherInputStream has a buffer size of 512 bytes. This is very small, and we see better performance from a larger buffer size in our applications. We sometimes see folks even hacking into CIS internals and allocating 8192-sized buffers with reflective hacks to avoid performance penalties.

As per the comment on the current buffer:

> the size 512 bytes is somewhat randomly chosen

Other examples use larger buffers, like 8192 for ChannelInputStream and FileInputStream, or 16384 for InputStream itself.
Comments
[jdk21u-fix-no comment] This is a risky change. Users who want the mitigation for AEAD decryption performance could go for JDK 25 or use existing work-arounds. Changing it whole-sale for an existing stable release seems unwise.
07-08-2025
[jdk21u-fix-request] Approval Request from Michael De Vera Backport of [JDK-8330108](https://bugs.openjdk.org/browse/JDK-8330108), to increase CipherInputStream buffer size from 512 to 8192 bytes. Backport is clean, and passes GHA sanity checks as well as tier1-tier2 jtreg, which includes javax/crypto tests. This change helps improve performance (see [here](https://github.com/openjdk/jdk/pull/18763#issue-2240397526)) and lines up with other JDK InputStream classes.
30-07-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u-dev/pull/2022 Date: 2025-07-30 00:01:04 +0000
30-07-2025
Changeset: 6158da5e Author: Oli Gillespie <ogillespie@openjdk.org> Committer: Aleksey Shipilev <shade@openjdk.org> Date: 2024-04-23 12:37:36 +0000 URL: https://git.openjdk.org/jdk/commit/6158da5e9569f4260bd6d968c940c9979583118a
23-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/18763 Date: 2024-04-12 15:34:01 +0000
12-04-2024
This also might help to mitigate JDK-8298249 in JDKs prior 21.
11-04-2024