RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v13]
Hai-May Chao
hchao at openjdk.org
Sat Dec 6 07:24:15 UTC 2025
On Fri, 5 Dec 2025 16:10:08 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 27 commits:
>>
>> - reapply changes after merge
>> - Merge
>> - backout conflict change in KeyShareExtension.java
>> - Updates with Weijun's comments
>> - Remove null check to not assume key is returned
>> - Updates with Brad's and Sean's comments
>> - Move Hybrid.java to sun.security.ssl
>> - Move DH.java to sun.security.ssl as DHasKEM.java
>> - Update names to uppercase
>> - Remove fallback in engineGeneratePublic
>> - ... and 17 more: https://git.openjdk.org/jdk/compare/7e91d34f...9c362c3e
>
> src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java line 731:
>
>> 729: nps.getName() : null;
>> 730: return algName != null && constraints.permits(
>> 731: EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
>
> Should this be `KEY_ENCAPSULATION`? How did we test this?
`KEY_ENCAPSULATION` is defined for the X.509 keyUsage extension for `keyEncipherment` (not for TLS key exchange). To test disabling a specific algorithm in JSSE, we can use the `jdk.tls.disabledAlgorithms` security property. We have a test `RestrictNamedGroup.java` that uses this property to verify algorithm constraints for TLS. We updated this test to include coverage for hybrid algorithms.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2594592105