On Wed, 24 Dec 2025 04:40:56 GMT, Artur Barashev <[email protected]> wrote:
>> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>>
>> For IVs, it is recommended that implementations restrict support to the
>> length of 96 bits, to promote interoperability, efficiency, and
>> simplicity of design.
>>
>> Larger IV size requires an extra hashing step (GHASH). Currently we have it
>> set to 16 bytes.
>
> Artur Barashev has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes the unrelated changes
> brought in by the merge/rebase. The pull request contains three additional
> commits since the last revision:
>
>  - Make GCM IV a constant. Update copyright year.
>  - Merge branch 'master' into JDK-8374317
>  - 8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS
>    session ticket

Marked as reviewed by djelinski (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/28971#pullrequestreview-3610892298
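The extra GHASH step mentioned in the quoted description, as an added example that is not code from the pull request or the JDK: it derives the GCM pre-counter block J0 for a 12-byte and a 16-byte IV and checks it against the JCE provider, using the fact that with empty plaintext and AAD the tag equals E_K(J0). The class name `GcmJ0Demo`, its helper names, the all-zero key and the 0xA5 IV bytes are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
public class GcmJ0Demo {
    // X*Y in GF(2^128), SP 800-38D Algorithm 1 (bit 0 is the MSB of byte 0).
    static byte[] gfMul(byte[] x, byte[] y) {
        byte[] z = new byte[16], v = y.clone();
        for (int i = 0; i < 128; i++) {
            if ((x[i >> 3] & (0x80 >> (i & 7))) != 0)
                for (int j = 0; j < 16; j++) z[j] ^= v[j];
            boolean lsb = (v[15] & 1) != 0;
            for (int j = 15; j > 0; j--)
                v[j] = (byte) (((v[j] & 0xff) >>> 1) | ((v[j - 1] & 1) << 7));
            v[0] = (byte) ((v[0] & 0xff) >>> 1);
            if (lsb) v[0] ^= (byte) 0xe1;      // reduce by R = 11100001 || 0^120
        }
        return z;
    }
    // One raw AES block encryption, E_K(block).
    static byte[] aesBlock(SecretKeySpec k, byte[] block) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k);
        return c.doFinal(block);
    }
    // Pre-counter block J0 (SP 800-38D section 7.1); handles 12- and 16-byte IVs only.
    static byte[] j0(SecretKeySpec k, byte[] iv) throws Exception {
        if (iv.length == 12) {                 // J0 = IV || 0^31 || 1, no hashing
            byte[] j = Arrays.copyOf(iv, 16);
            j[15] = 1;
            return j;
        }
        if (iv.length != 16) throw new IllegalArgumentException("12 or 16 bytes only");
        byte[] h = aesBlock(k, new byte[16]);  // hash subkey H = E_K(0^128)
        byte[] y = gfMul(iv, h);               // GHASH block 1: the IV itself
        y[15] ^= (byte) 0x80;                  // GHASH block 2: 0^64 || [128]_64
        return gfMul(y, h);
    }
    public static void main(String[] args) throws Exception {
        SecretKeySpec k = new SecretKeySpec(new byte[16], "AES"); // constructed test key
        for (int n : new int[] {12, 16}) {
            byte[] iv = new byte[n];
            Arrays.fill(iv, (byte) 0xA5);                         // constructed IV
            Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
            gcm.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
            // Empty plaintext and AAD: GHASH is 0, so the tag is exactly E_K(J0).
            System.out.println(n + "-byte IV, tag == E_K(J0): "
                + Arrays.equals(gcm.doFinal(), aesBlock(k, j0(k, iv))));
        }
    }
}
```

The 12-byte path is a copy and a counter byte, while the 16-byte path costs one AES call for H plus two field multiplications before any ticket data is processed.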
