Hi Weijun,

Are you available to review this update?
webrev: http://cr.openjdk.java.net/~xuelei/6956398/webrev.00/

This is an enhancement to support stronger ephemeral DH keys during TLS handshaking. A new system property is defined, "jdk.tls.ephemeralDHKeySize". By default, the value of this system property is not defined. This system property won't impact the DH key size in the ServerKeyExchange message of exportable cipher suites.

If this system property is defined as "legacy", there is no actual behavior change within this update.

If this system property is defined as "smart", for non-exportable anonymous cipher suites the DH key size in the ServerKeyExchange message is updated from 768 bits to 1024 bits; and for X.509 certificate based authentication (of non-exportable cipher suites), a DH key size matching the corresponding authentication key is used, except that the size should be between 1024 bits and 2048 bits. For example, if the public key size of an authentication certificate is 2048 bits, then the ephemeral DH key size should be 2048 bits accordingly, unless the cipher suite is exportable.

If this system property is defined as a valid integer between 1024 and 2048 inclusive, a fixed ephemeral DH key size of the specified integer value will be used for non-exportable cipher suites.

If this system property is not defined, or the value is other than "legacy", "smart" or a valid integer, a 1024-bit DH key is always used for non-exportable cipher suites.

Note that with this fix, the biggest acceptable key size is 2048 bits, because DH keys bigger than 2048 bits may not be supported by underlying JCE providers (for example, the SunJCE provider). We may update the default ephemeral DH key size (which is 1024 bits with this fix) again in the future if the industry needs to use stronger strength.

This update only impacts the DHE_RSA, DHE_DSS and DH_anon based cipher suites in the Oracle provider.
Here is a recap of the behaviors:

jdk.tls.ephemeralDHKeySize | legacy | smart | integer  | other
                           |        |       | (fixed)  |
---------------------------+--------+-------+----------+------
exportable DH key size     |  512   |  512  |   512    |  512
---------------------------+--------+-------+----------+------
anonymous                  |  768   | 1024  | fixed[+] | 1024
---------------------------+--------+-------+----------+------
authentication cert        |  768   |  [*]  | fixed[+] | 1024

[*]: the key size is the same as the authentication certificate's, but should be between 1024 bits and 2048 bits, inclusive.
[+]: the fixed key size is specified by a valid integer property value, which should be between 1024 bits and 2048 bits, inclusive.

Thanks,
Xuelei
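The selection rule summarized in the table above, written out as a small model so the edge cases (clamping of the certificate key size, invalid or out-of-range property values, exportable suites) can be checked. This is an added illustration for this discussion, not code from the webrev or the JDK; the function name, the `exportable` flag and the `auth_key_bits` parameter are assumptions that stand in for the cipher-suite and certificate information the handshake code has on hand.

```python
# Model of the ephemeral DH key-size policy described in the review request
# for jdk.tls.ephemeralDHKeySize. Added illustration only; it does not mirror
# the structure of the JDK's own handshake code.

MIN_SIZE, MAX_SIZE = 1024, 2048   # range accepted for "smart" and fixed values
EXPORT_SIZE = 512                 # exportable suites are unaffected by the property
LEGACY_SIZE = 768                 # previous size for non-exportable suites
DEFAULT_SIZE = 1024               # used when the property is unset or invalid


def ephemeral_dh_key_size(prop, exportable=False, auth_key_bits=None):
    """Return the DH key size (bits) used in ServerKeyExchange.

    prop          : value of jdk.tls.ephemeralDHKeySize, or None if unset
    exportable    : True for an exportable cipher suite (assumed flag)
    auth_key_bits : public key size of the server certificate for DHE_RSA /
                    DHE_DSS, None for DH_anon (assumed parameter)
    """
    if exportable:
        return EXPORT_SIZE              # property never changes exportable suites
    if prop is None:
        return DEFAULT_SIZE             # property not defined: always 1024
    if prop == "legacy":
        return LEGACY_SIZE              # no behavior change: 768
    if prop == "smart":
        if auth_key_bits is None:
            return DEFAULT_SIZE         # anonymous suites: 768 -> 1024
        # Certificate-based suites: follow the authentication key size,
        # but never below 1024 or above 2048.
        return max(MIN_SIZE, min(MAX_SIZE, auth_key_bits))
    # Anything else is honoured only if it is a valid integer in [1024, 2048];
    # other values fall back to the 1024-bit default.
    try:
        fixed = int(prop)
    except ValueError:
        return DEFAULT_SIZE
    return fixed if MIN_SIZE <= fixed <= MAX_SIZE else DEFAULT_SIZE
```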
