RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v9]
Hai-May Chao
hchao at openjdk.org
Wed Dec 3 09:21:23 UTC 2025
On Mon, 24 Nov 2025 18:10:30 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with three additional commits since the last revision:
>>
>> - Update names to uppercase
>> - Remove fallback in engineGeneratePublic
>> - Change default named group list to have only X25519MLKEM768
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 232:
>
>> 230: NamedGroupSpec.NAMED_GROUP_KEM,
>> 231: ProtocolVersion.PROTOCOLS_OF_13,
>> 232: null),
>
> I know the 3 named groups above are not used yet, but the `name` field will be used in the constructor by `KeyFactory.getInstance(name)`. Since "MLKEM1024" is not a standard algorithm name, the call would fail with an NSAE.

The `AlgorithmParameterSpec` values for these 3 named groups in the registry are set to null. In the constructor, the `mediator` will be false for them, so `KeyFactory.getInstance(name)` will not be called and will not fail with an NSAE. Will do some translation when we support post-quantum ML-KEM.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2584260461