On Wed, 24 Dec 2025 00:40:05 GMT, Artur Barashev <[email protected]> wrote:

> 12 bytes is the recommended size for GCM per NIST SP 800-38D:
>
> For IVs, it is recommended that implementations restrict support to the
> length of 96 bits, to promote interoperability, efficiency, and simplicity
> of design.
>
> Larger IV size requires an extra hashing step (GHASH). Currently we have it
> set to 16 bytes.

This pull request has now been integrated.

Changeset: 34395124
Author:    Artur Barashev <[email protected]>
URL:       https://git.openjdk.org/jdk/commit/34395124018c434b0bad534cb6f85452466fd404
Stats:     4 lines in 1 file changed: 1 ins; 0 del; 3 mod

8374317: Change GCM IV size to 12 bytes when encrypting/decrypting TLS session ticket

Reviewed-by: djelinski, mpowers, ascarpino

-------------

PR: https://git.openjdk.org/jdk/pull/28971
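
The extra GHASH step mentioned in the quoted description, shown as an added example (not part of the original message and not JDK code): SP 800-38D builds the pre-counter block J0 by plain concatenation for a 96-bit IV and by hashing the padded IV otherwise. The hash subkey H, which is normally AES_K(0^128), is a constructed constant here, as are the sample IVs.

```python
# Added example (not JDK code): GCM pre-counter block J0, NIST SP 800-38D section 7.1.
R = 0xE1 << 120  # reduction constant 11100001 || 0^120 for GCM's GF(2^128)

def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128) (SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(127, -1, -1):   # bit 0 in the spec is the leftmost bit
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: bytes, data: bytes) -> bytes:
    """GHASH_H over data whose length is a multiple of 16 bytes."""
    hk, y = int.from_bytes(h, "big"), 0
    for off in range(0, len(data), 16):
        y = gf_mult(y ^ int.from_bytes(data[off:off + 16], "big"), hk)
    return y.to_bytes(16, "big")

def j0(h: bytes, iv: bytes):
    """Return (J0, number of GF(2^128) multiplications spent deriving it)."""
    if not iv:
        raise ValueError("GCM requires a non-empty IV")
    if len(iv) == 12:
        # 96-bit IV: J0 = IV || 0^31 || 1, no hashing at all
        return iv + b"\x00\x00\x00\x01", 0
    # Any other length: J0 = GHASH_H(IV || 0^(s+64) || [len(IV) in bits]_64)
    pad = (-len(iv)) % 16
    block = iv + bytes(pad) + bytes(8) + (8 * len(iv)).to_bytes(8, "big")
    return ghash(h, block), len(block) // 16

# Constructed sample values (assumptions, not taken from the JDK change)
H_SAMPLE = bytes.fromhex("00112233445566778899aabbccddeeff")
IV12 = bytes(range(12))   # size after the change
IV16 = bytes(range(16))   # size before the change

if __name__ == "__main__":
    for iv in (IV12, IV16):
        block, mults = j0(H_SAMPLE, iv)
        print(f"{len(iv):2d}-byte IV -> J0={block.hex()} field multiplications={mults}")
```

With the 16-byte IV, every ticket encryption and decryption pays two field multiplications before any ciphertext is processed; with 12 bytes J0 is available immediately.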
