RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v19]
Bradford Wetmore
wetmore at openjdk.org
Tue Dec 9 05:05:10 UTC 2025
On Sun, 7 Dec 2025 03:36:45 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove len check from encapsulate
Couple of minor issues.
I'll approve the next round.
src/java.base/share/classes/sun/security/ssl/Hybrid.java line 385:
> 383: }
> 384:
> 385: public record SecretKeyImpl(SecretKey k1, SecretKey k2)
I mentioned this earlier as part of a general comment. Several got addressed, but these got missed. I think the `PublicKeys`/`PrivateKey`/`SecretKey` here could all be package private (can't be private, as they are used in a couple other classes).
-------------
PR Review: https://git.openjdk.org/jdk/pull/27614#pullrequestreview-3554942157
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2600796373
More information about the security-dev
mailing list