On Wed, 4 Feb 2026 23:10:57 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
> > other groups will always be negotiated before them since they are at the
> > end of the list.
>
> I don't think we can come to this conclusion. Per TLS specification, at the
> end of the list, does not mean it will not be used. That's the reason why the
> specification is defined so. Otherwise, just one entry is fine.

These extremely large groups should really be opt-in as they are almost never used in practice and require additional resources to process, so the server should opt-in. I have found no evidence of them being used anywhere - do you have any references?

In general, DHE groups and cipher suites are becoming legacy and I expect the JDK to eventually deprecate more of them as we move forward in the next few years. The CSR's purpose is to document compatibility risk.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/29577#issuecomment-3855431753
