Chapter 2. Eclipse Temurin features

Review the following release notes to understand new features and feature enhancements included with the Eclipse Temurin 17.0.9 release:

Increased default group size of TLS Diffie-Hellman

In OpenJDK 17.0.9, the JDK implementation of TLS 1.2 uses a default Diffie-Hellman key size of 2048 bits. This supersedes the behavior in previous releases where the default Diffie-Hellman key size was 1024 bits.

This enhancement is relevant when a TLS_DHE cipher suite is negotiated and either the client or the server does not support Finite Field Diffie-Hellman Ephemeral (FFDHE) parameters. The JDK TLS implementation supports FFDHE, which is enabled by default and can negotiate a stronger key size.

As a workaround, you can revert to the previous key size by setting the jdk.tls.ephemeralDHKeySize system property to 1024. However, to mitigate risk, consider using the default key size of 2048 bits.

See JDK-8301700 (JDK Bug System).

Output of -XshowSettings:locale option includes tzdata version

In OpenJDK 17.0.9, the -XshowSettings launcher option also prints the tzdata version that the JDK uses. The tzdata version is displayed as part of the output for the -XshowSettings:locale option.

For example:

Locale settings:
    default locale = English
    default display locale = English
    default format locale = English
    tzdata version = 2023c

See JDK-8305950 (JDK Bug System).

Certigna root CA certificate added

In OpenJDK 17.0.9, the cacerts truststore includes the following Certigna root certificate:

See JDK-8314960 (JDK Bug System).

Review the following release notes to understand pre-existing features that have been either deprecated or removed in Eclipse Temurin 17.0.9:

SECOM Trust Systems root CA1 certificate removed

OpenJDK 17.0.9 removes the following root certificate from the cacerts truststore:

See JDK-8295894 (JDK Bug System).

Revised on 2024-05-03 15:37:37 UTC