RFR: 8314323: TLS 1.3 Hybrid Key Exchange
Jamil Nimeh
jnimeh at openjdk.org
Fri Oct 3 17:08:47 UTC 2025
On Fri, 3 Oct 2025 16:53:00 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 248:
>
>> 246: "XDH", "XDH", NamedParameterSpec.X25519),
>> 247:
>> 248: X448(56, 56,
>
> Why do we need `X448` and `P521`?

Need, no. Want, yes. The support for traditional curves that are not part of the first round of hybrid KEMs lays the groundwork for future hybrid KEMs that might use these larger curves. It also gives us the base framework to move these algorithms as named groups to KEM implementations in the future.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2402680762