RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v6]
Bradford Wetmore
wetmore at openjdk.org
Wed Nov 26 05:23:09 UTC 2025
On Mon, 24 Nov 2025 07:45:58 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 71:
>>
>>> 69: public static final Provider PROVIDER = new ProviderImpl();
>>> 70:
>>> 71: private static class ProviderImpl extends Provider {
>>
>> Why not expose the Provider to public?
>
> We introduce DH Provider that implements DH as a KEM, and DH is wrapped as a KEM for encapsulate and decapsulate. It is an internal translation layer, not a real new public algorithm, so it is not exposed to public.
The `Provider` needs much more info here about what it's doing, and that this `Provider` doesn't actually get installed in the system's list of security providers that is searched at runtime.
This is strictly an internal provider used in the JSSE code.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2562846755
More information about the security-dev
mailing list