RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v9]
Bradford Wetmore
wetmore at openjdk.org
Wed Nov 26 18:06:00 UTC 2025
On Wed, 26 Nov 2025 03:34:47 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with three additional commits since the last revision:
>>
>> - Update names to uppercase
>> - Remove fallback in engineGeneratePublic
>> - Change default named group list to have only X25519MLKEM768
>
> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 86:
>
>> 84: "right", "X25519");
>> 85: putService(new HybridService(this, "KeyPairGenerator",
>> 86: "X25519MLKEM768", "sun.security.util.Hybrid$KeyPairGeneratorImpl",
>
> Is there a reason why `Hybrid` is in `sun.security.util` instead of `com.sun.crypto.provider`? This is the only place it's used, so `c.s.c.p` seems to be a more natural place for it, but maybe I'm just not far enough into the guts of the code yet.
Did you place it here because Key Pairs generally live in `s.s.*`?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2566006911
More information about the security-dev
mailing list