I've updated the webrev to address many of the comments. In particular adding checks when keys given directly. Also, the changing from legacyEC hardcoded list to a security property jdk.disabled.namedCurves. https://cr.openjdk.java.net/~ascarpino/8233228/webrev.01/ Tony