RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v13]
Hai-May Chao
hchao at openjdk.org
Fri Dec 5 03:39:22 UTC 2025
> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 27 commits:
- reapply changes after merge
- Merge
- backout conflict change in KeyShareExtension.java
- Updates with Weijun's comments
- Remove null check to not assume key is returned
- Updates with Brad's and Sean's comments
- Move Hybrid.java to sun.security.ssl
- Move DH.java to sun.security.ssl as DHasKEM.java
- Update names to uppercase
- Remove fallback in engineGeneratePublic
- ... and 17 more: https://git.openjdk.org/jdk/compare/7e91d34f...9c362c3e
-------------
Changes: https://git.openjdk.org/jdk/pull/27614/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27614&range=12
Stats: 1809 lines in 21 files changed: 1695 ins; 41 del; 73 mod
Patch: https://git.openjdk.org/jdk/pull/27614.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27614/head:pull/27614
PR: https://git.openjdk.org/jdk/pull/27614
More information about the security-dev
mailing list