# HG changeset patch
# User andrew
# Date 1437347486 -3600
# Node ID 7b2018284119b49c0b829d226128a90ff213dff2
# Parent 5ae5406c6f79454d3be3e3087da9d176b5a47b89
PR2487: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize
Summary: Backout 45680a70921daf8a5929b890de22c2fa5d117d82
diff -r 5ae5406c6f79 -r 7b2018284119 src/share/classes/sun/security/ssl/ServerHandshaker.java
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Sat Jul 18 00:45:28 2015 +0100
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jul 20 00:11:26 2015 +0100
@@ -111,15 +111,15 @@
 String property = AccessController.doPrivileged(
 new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
 if (property == null || property.length() == 0) {
- useLegacyEphemeralDHKeys = true;
+ useLegacyEphemeralDHKeys = false;
 useSmartEphemeralDHKeys = false;
 customizedDHKeySize = -1;
 } else if ("matched".equals(property)) {
 useLegacyEphemeralDHKeys = false;
 useSmartEphemeralDHKeys = true;
 customizedDHKeySize = -1;
- } else if ("jdk8".equals(property)) {
- useLegacyEphemeralDHKeys = false;
+ } else if ("legacy".equals(property)) {
+ useLegacyEphemeralDHKeys = true;
 useSmartEphemeralDHKeys = false;
 customizedDHKeySize = -1;
 } else {
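Review bot: Dropping the `"jdk8"` branch means a deployment that already sets `-Djdk.tls.ephemeralDHKeySize=jdk8` now falls through to the final `else`, whose body is outside this hunk. If that branch treats the value as a custom key size, the setting that previously selected the 1024-bit mode would presumably be rejected rather than honoured. Keeping the old value as an alias for the new default avoids that: `if (property == null || property.length() == 0 || "jdk8".equals(property)) {`. The enclosing initializer starts before and continues after the hunk.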
@@ -1230,13 +1230,14 @@
 * 768 bits ephemeral DH private keys were used to be used in
 * ServerKeyExchange except that exportable ciphers max out at 512
 * bits modulus values. We still adhere to this behavior in legacy
- * mode (system property "jdk.tls.ephemeralDHKeySize"
- * is not defined).
+ * mode (system property "jdk.tls.ephemeralDHKeySize" is defined
+ * as "legacy").
 *
- * New JDK (JDK 8 and later) releases use a 1024 bit DH key for
- * non-exportable cipher suites in default mode and this can
- * be enabled when the system property "jdk.tls.ephemeralDHKeySize"
- * is defined as "jdk8".
+ * Older versions of OpenJDK don't support DH keys bigger
+ * than 1024 bits. We have to consider the compatibility requirement.
+ * 1024 bits DH key is always used for non-exportable cipher suites
+ * in default mode (system property "jdk.tls.ephemeralDHKeySize"
+ * is not defined).
 *
 * However, if applications want more stronger strength, setting
 * system property "jdk.tls.ephemeralDHKeySize" to "matched"
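Review bot: The rewritten paragraph presents `"legacy"` as just another mode and does not say that its 768-bit (512-bit for exportable suites) groups are kept only for interoperability, so a reader picking a value gets no hint that it lowers key-exchange strength below the new default. I would add a line after `as "legacy").` such as `* Legacy mode is for interoperability with old peers only; prefer the default or "matched".` The comment block starts before and ends after this hunk.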