RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v15]
Bradford Wetmore
wetmore at openjdk.org
Sat Dec 6 07:39:08 UTC 2025
On Sat, 6 Dec 2025 06:12:57 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> Hai-May Chao has updated the pull request incrementally with two additional commits since the last revision:
>
> - Updates with Brad's and Sean's comments for new HybridProvider class
> - Updates with Weijun's comments for 3rd-party provider
I know we haven't been consistent in the visibility of the internal JSSE classes (and members therein), but many (all?) of the new classes (including nested classes: e.g. Hybrid.*) could be package-private/final (or even private) instead of public.
I'm not suggesting going through and doing an overhaul of the `sun.security.ssl` package, just the new ones.
Also, you changed the files while I was reviewing, so some of my comments may have been lost. I can't seem to find them in the "pending" state. Hopefully they will show up in the comments here.
-------------
PR Review: https://git.openjdk.org/jdk/pull/27614#pullrequestreview-3547078547
More information about the security-dev
mailing list