RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v7]
Hai-May Chao
hchao at openjdk.org
Thu Nov 6 05:44:55 UTC 2025
> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
Hai-May Chao has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 11 additional commits since the last revision:
- Merge
- Revert changes to UseStrongDHSizes test as ffdhe6144/8192 added back
- Updated comment in ServerHello and hybrid to upper-case in NamedGroup
- Fix typo in NamedGroup test
- Call getProvider() in NamedGroup.java
- Rename NAMED_GROUP_KEM from PQC to KEM
- Updates with review comments
- Updates with review comments
- 8314323: TLS 1.3 Hybrid Key Exchange
- Merge
- ... and 1 more: https://git.openjdk.org/jdk/compare/bafb5554...55503c0d
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/27614/files
- new: https://git.openjdk.org/jdk/pull/27614/files/f98b5385..55503c0d
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=27614&range=06
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=27614&range=05-06
Stats: 122618 lines in 2163 files changed: 71151 ins; 38964 del; 12503 mod
Patch: https://git.openjdk.org/jdk/pull/27614.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27614/head:pull/27614
PR: https://git.openjdk.org/jdk/pull/27614
More information about the security-dev
mailing list