RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v15]
Bradford Wetmore
wetmore at openjdk.org
Sat Dec 6 07:54:12 UTC 2025
On Sat, 6 Dec 2025 06:12:57 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> Hai-May Chao has updated the pull request incrementally with two additional commits since the last revision:
>
> - Updates with Brad's and Sean's comments for new HybridProvider class
> - Updates with Weijun's comments for 3rd-party provider
Comments on the change to HybridProvider.java
src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 259:
> 257: }
> 258:
> 259: public static class HybridService extends Provider.Service {
Shouldn't this be moved to `HybridProvider.java`?
src/java.base/share/classes/sun/security/ssl/HybridProvider.java line 57:
> 55: // The order of shares in the concatenation for group name
> 56: // X25519MLKEM768 has been reversed. This is due to IETF
> 57: // historical reasons.
Can we change this to something like "as per the current draft RFC"?
"historical reasons" is too vague. The draft/RFC is the real reason.
-------------
PR Review: https://git.openjdk.org/jdk/pull/27614#pullrequestreview-3547269198
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2594634717
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2594632217