RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v13]
Weijun Wang
weijun at openjdk.org
Fri Dec 5 16:13:25 UTC 2025
On Fri, 5 Dec 2025 03:39:22 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 27 commits:
>
> - reapply changes after merge
> - Merge
> - backout conflict change in KeyShareExtension.java
> - Updates with Weijun's comments
> - Remove null check to not assume key is returned
> - Updates with Brad's and Sean's comments
> - Move Hybrid.java to sun.security.ssl
> - Move DH.java to sun.security.ssl as DHasKEM.java
> - Update names to uppercase
> - Remove fallback in engineGeneratePublic
> - ... and 17 more: https://git.openjdk.org/jdk/compare/7e91d34f...9c362c3e
src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java line 731:
> 729: nps.getName() : null;
> 730: return algName != null && constraints.permits(
> 731: EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
Should this be `KEY_ENCAPSULATION`? How did we test this?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2593205603