RFR: 8370885: Default namedGroups values are not being filtered against algorithm constraints
Matthew Donovan
mdonovan at openjdk.org
Thu Nov 20 16:53:52 UTC 2025
On Wed, 19 Nov 2025 17:26:25 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
> NamedGroup.SupportedGroups.namedGroups values are not being filtered against algorithm constraints, unlike other SSLParameters returned by SSLConfiguration#getSSLParameters() call. Those are the values being displayed to the user with "java -XshowSettings:security:tls" command.
>
> Also making changes to avoid needless default group names lookup while we are touching this file.
src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 751:
> 749:
> 750: // Primary NIST Suite B curves
> 751: SECP256_R1,
Just curious why you use the '_' instead of just SECP256R1?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28397#discussion_r2546828854
More information about the security-dev
mailing list