RFR: 8314323: TLS 1.3 Hybrid Key Exchange

Artur Barashev abarashev at openjdk.org
Fri Oct 3 17:21:51 UTC 2025


On Fri, 3 Oct 2025 17:05:57 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> src/java.base/share/classes/com/sun/crypto/provider/DH.java line 248:
>> 
>>> 246:                 "XDH", "XDH", NamedParameterSpec.X25519),
>>> 247: 
>>> 248:         X448(56, 56,
>> 
>> Why do we need `X448` and `P521`?
>
> Need, no.  Want, yes.  The support for traditional curves that are not part of the first round of hybrid KEMs lays the groundwork for future hybrid KEMs that might use these larger curves.  It also gives us the base framework to move these algorithms as named groups to KEM implementations in the future.

I see, thanks for the explanation! I guess it makes sense if we expect those curves to be used in the future rounds of hybrid KEM.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2402716798

