RFR: 8314323: TLS 1.3 Hybrid Key Exchange
Jamil Nimeh
jnimeh at openjdk.org
Fri Oct 3 18:10:53 UTC 2025
On Fri, 3 Oct 2025 17:20:04 GMT, Bernd <duke at openjdk.org> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this change.
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 906:
>
>> 904: NamedGroup[] groups = new NamedGroup[] {
>> 905:
>> 906: // Hybrid key agreements
>
> It feels like all the infra for X448MLKEM1024 is there, so rather than removing x448 from this patch, why not implement it (it’s more obvious than P511 Variants)
Indeed the infrastructure is there, but I don't see an IETF draft that covers that hybrid variant for TLS, nor do I see an IANA mapping for it here: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
There needs to be a standard for TLS 1.3 backing these hybrid KEMs before we implement them.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2402875164
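As an added illustration, not code from this PR or from the JDK project: this is how a client would express the preference the thread is about, the JEP 527 hybrid groups first with the classical groups they are built on as a fallback, through the public `SSLParameters.setNamedGroups` API (available since JDK 20). The hybrid names only take effect on a build that includes this change; the host name is a placeholder, and whether a runtime silently ignores named-group names it does not recognise should be confirmed against the JSSE Reference Guide for that release.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

/** Configure a TLS 1.3 client to prefer hybrid (ML-KEM + classical) key exchange. */
public class HybridKexClient {

    // Preference order: the three hybrid groups from JEP 527 first, then the
    // classical groups they are built on, so a server without hybrid support
    // can still pick a classical group from the same supported_groups list.
    static final String[] PREFERRED_GROUPS = {
        "X25519MLKEM768",
        "SecP256r1MLKEM768",
        "SecP384r1MLKEM1024",
        "x25519",
        "secp256r1",
        "secp384r1",
    };

    /** Build a client-mode engine restricted to TLS 1.3 with the group preference above. */
    static SSLEngine newClientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        // Hybrid groups are TLS 1.3 only; do not let the handshake fall back to 1.2.
        params.setProtocols(new String[] {"TLSv1.3"});
        params.setNamedGroups(PREFERRED_GROUPS);
        // Verify the peer certificate against the host name we dialled.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers
        // "example.invalid" is a placeholder host, not a real endpoint.
        SSLEngine engine = newClientEngine(ctx, "example.invalid", 443);
        System.out.println("Offered named groups: "
            + Arrays.toString(engine.getSSLParameters().getNamedGroups()));
    }
}
```

The same preference can be applied process-wide instead with `-Djdk.tls.namedGroups=X25519MLKEM768,x25519,secp256r1`; running with `-Djavax.net.debug=ssl:handshake` shows which group the server selected in its key_share, which is the quickest way to confirm that a hybrid group was actually negotiated rather than a classical fallback.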