RFR: 8370885: Default namedGroups values are not being filtered against algorithm constraints
Artur Barashev
abarashev at openjdk.org
Thu Nov 20 17:14:58 UTC 2025
On Thu, 20 Nov 2025 16:46:21 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> NamedGroup.SupportedGroups.namedGroups values are not being filtered against algorithm constraints, unlike other SSLParameters returned by SSLConfiguration#getSSLParameters() call. Those are the values being displayed to the user with "java -XshowSettings:security:tls" command.
>>
>> Also making changes to avoid needless default group names lookup while we are touching this file.
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 751:
>
>> 749:
>> 750: // Primary NIST Suite B curves
>> 751: SECP256_R1,
>
> Just curious why you use the '_' instead of just SECP256R1?
I actually don't know, the enums were in this form starting with the first version of this file. I just moved the default values.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28397#discussion_r2546920882
More information about the security-dev
mailing list