Setting a list of enabled named groups
If the default list of enabled named groups is inadequate for your application, you can use the jdk.tls.namedGroups system property to specify an additional list of named groups.
The following list shows the named groups that are enabled by default.
After service refresh 6:
// recommended
secp256r1 (23)
secp384r1 (24)
secp521r1 (25)
ffdhe2048 (256)
ffdhe3072 (257)
ffdhe4096 (258)
ffdhe6144 (259)
ffdhe8192 (260)
Note: Support for ffdhe3072, ffdhe4096, ffdhe6144 and ffdhe8192 requires the IBMJCEPlus or the IBMJCEPlusFIPS providers.
Before service refresh 6:
// recommended
secp256r1 (23)
secp384r1 (24)
secp521r1 (25)
// NIST curves
sect283k1 (9)
sect283r1 (10)
sect409k1 (11)
sect409r1 (12)
sect571k1 (13)
sect571r1 (14)
// Non-FIPS curves
secp256k1 (22)
Additional named groups can be specified by setting the jdk.tls.namedGroups system property. For example:
jdk.tls.namedGroups="secp521r1,secp256r1,ffdhe2048"
The values for named groups must be separated with a comma. If the system property is not defined or the value is empty, the default named groups and preferences are used.
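The following check is an added example, not code from the SDK or its documentation: it parses a jdk.tls.namedGroups value and reports, for each entry, which of the two default lists above it appears in and whether the provider note applies. The class name NamedGroupsCheck, the sample value and the trimming of whitespace around entries are assumptions made for this example.

```java
import java.util.*;

public class NamedGroupsCheck {
    // Names and IDs copied from the two default lists on this page.
    static final Map<String, Integer> AFTER_SR6 = load(
        "secp256r1:23,secp384r1:24,secp521r1:25,ffdhe2048:256,ffdhe3072:257,"
        + "ffdhe4096:258,ffdhe6144:259,ffdhe8192:260");
    static final Map<String, Integer> BEFORE_SR6_ONLY = load(
        "sect283k1:9,sect283r1:10,sect409k1:11,sect409r1:12,sect571k1:13,"
        + "sect571r1:14,secp256k1:22");
    // Per the page's note: these need the IBMJCEPlus or IBMJCEPlusFIPS provider.
    static final Set<String> NEEDS_JCEPLUS = new HashSet<>(
        Arrays.asList("ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192"));

    static Map<String, Integer> load(String spec) {
        Map<String, Integer> m = new LinkedHashMap<>();
        for (String e : spec.split(",")) {
            String[] kv = e.split(":");
            m.put(kv[0], Integer.valueOf(kv[1]));
        }
        return m;
    }

    static List<String> check(String value) {
        List<String> out = new ArrayList<>();
        if (value == null || value.trim().isEmpty()) {
            out.add("unset or empty: default named groups and preferences are used");
            return out;
        }
        Set<String> seen = new HashSet<>();
        for (String raw : value.split(",")) {
            String g = raw.trim(); // assumption: whitespace around an entry is ignored
            if (g.isEmpty()) out.add("empty entry (stray comma)");
            else if (!seen.add(g)) out.add(g + ": duplicate entry");
            else if (AFTER_SR6.containsKey(g)) out.add(g + " (" + AFTER_SR6.get(g)
                + "): in the default list after service refresh 6" + (NEEDS_JCEPLUS.contains(g)
                    ? "; requires IBMJCEPlus or IBMJCEPlusFIPS" : ""));
            else if (BEFORE_SR6_ONLY.containsKey(g)) out.add(g + " (" + BEFORE_SR6_ONLY.get(g)
                + "): only in the default list before service refresh 6");
            else out.add(g + ": in neither default list on this page; check the spelling");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample, used when the property is not set on the command line.
        String sample = "secp521r1,secp256r1,ffdhe2048, ffdhe4096,sect283k1,secp256r1,secp384r";
        for (String line : check(System.getProperty("jdk.tls.namedGroups", sample)))
            System.out.println(line);
    }
}
```

Run it with the same -Djdk.tls.namedGroups=... option that the application will use to check that value instead of the sample.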