RFR[13] Release Note for JDK-8224520
Xuelei Fan
xuelei.fan at oracle.com
Tue Jun 18 02:29:46 UTC 2019
"The named elliptic curve groups `x25519` and `x448` are now available
for JSSE key agreement in TLS versions 1 to 1.3, ..."
---------
I may use "TLS version 1.0".
"**KNOWN ISSUE:** TLS_ECDH_* ciphersuites have been deprecated by the
IETF [RFC 8422](https://tools.ietf.org/html/rfc8422). The current JSSE
APIs do not support selection of static server keys required by the
TLS_ECDH_* ciphersuites. Therefore, ECDH_* ciphersuites using
x25519/x448 keys are not supported on the server side for XDH
(x25519/x448). "
---------
In the release note, there is a "Known Issues" category. I may use the
category for this known issue, by filing a new bug and a release-note
sub-task with the "RN-KnownIssue" label.
The first two sentences might be arguable. I may use a simple note, for
example:
"**KNOWN ISSUE:** For TLS 1.2 and prior versions, the ECDH key exchange
algorithms, for example ECDH_RSA and ECDH_ECDSA cipher suites, using
static x25519/x448 keys are not supported on the server side."
Otherwise, looks fine to me.
Thanks,
Xuelei
On 6/17/2019 5:37 PM, Bradford Wetmore wrote:
> Hi,
>
> Please review the release note for adding x25519/x448 named groups to
> TLS/JSSE:
>
> https://bugs.openjdk.java.net/browse/JDK-8225764
>
> Thanks,
>
> Brad
More information about the security-dev
mailing list