Hello, I also think there is no short version for TLS anyway. RFC 5288 states that the Tag is 128 bit and the hmac truncation extension (which would allow 80 bit) is not valid for GCM.
Gruss Bernd -- http://bernd.eckenfels.net ________________________________ From: security-dev <[email protected]> on behalf of Valerie Peng <[email protected]> Sent: Monday, April 17, 2017 10:31:29 PM To: [email protected] Subject: Re: Short AES GCM Tags? The short tag length is not for general applications and their usage comes with additional requirements such as length of input data and lifetime of the key which SunJCE provider does not implement. Thus, SunJCE provider limits the supported tag length to the 5 values defined for general-purpose applications. Regards, Valerie On 4/13/2017 1:58 PM, Mike Duigou wrote: > I've discovered that the Java 8 JSSE doesn't allow 64 or 32 bit tags > to be used with AES GCM. (Enforced in CipherCore) I had hoped to use > short tags per the guidance of NIST Special Publication 800-38D > Appendix C. The Javadoc for GCMParameterSpec mentions 32 and 64 bit > tags but I can't find an explanation of why small tags are not > supported by Java 8 JSSE. > > Is there a reason that the short tags aren't offered? > > Thanks, > > Mike
