RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v9]
Hai-May Chao
hchao at openjdk.org
Tue Dec 9 06:41:08 UTC 2025
On Tue, 2 Dec 2025 16:58:40 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with three additional commits since the last revision:
>>
>> - Update names to uppercase
>> - Remove fallback in engineGeneratePublic
>> - Change default named group list to have only X25519MLKEM768
>
> test/jdk/sun/security/ssl/CipherSuite/DisabledCurve.java line 43:
>
>> 41: DisabledCurve DISABLE_NONE PASS
>> 42: * @run main/othervm -Djdk.tls.namedGroups="SecP384r1MLKEM1024"
>> 43: DisabledCurve SecP384r1MLKEM1024 FAIL
>
> A different way to enhance this test so that the hybrids are only tested with TLS 1.3 would be to add additional optional command-line arguments that take the client and server protocols you want to _only_ test with, respectively, ex:
>
>
> @run main/othervm -Djdk.tls.namedGroups="SecP384r1MLKEM1024"
> DisabledCurve DISABLE_NONE PASS TLSv1.3 TLSv1.3
>
>
> Just for your consideration, if you have time.
Keep the code as is for now (which follows the current model).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2601296558
More information about the security-dev
mailing list