RFR: 8314323: TLS 1.3 Hybrid Key Exchange
Bernd
duke at openjdk.org
Sat Oct 4 10:31:47 UTC 2025
On Fri, 3 Oct 2025 18:30:08 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 802:
>>
>>> 800: FFDHE_3072,
>>> 801: FFDHE_4096,
>>> 802: FFDHE_6144,
>>
>> Unrelated change?
>
> No, the choise to knock out ffdhe6144 and 8192 from the default list was done on purpose. I don't think they get much use and they can always be re-enabled via SSLParameters or the system property. We're open to feedback on this if you or others feel like they should remain in place, though.
The change is I think ok, doesn’t make much of a difference for most cases I was just thinking it needed its own commit and ticket reference but if it was intentional fine as well.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2403898451
More information about the security-dev
mailing list