RFR: 8314323: TLS 1.3 Hybrid Key Exchange [v2]

[Jamil Nimeh]

On Sat, 4 Oct 2025 10:29:33 GMT, Bernd <duke at openjdk.org> wrote:

>> No, the choise to knock out ffdhe6144 and 8192 from the default list was done on purpose.  I don't think they get much use and they can always be re-enabled via SSLParameters or the system property.  We're open to feedback on this if you or others feel like they should remain in place, though.
>
> The change is I think ok, doesn’t make much of a difference for most cases I was just thinking it needed its own commit and ticket reference but if it was intentional fine as well.

I think you make a fair point here.  It probably deserves its own change, JBS entry, CSR, etc.  We'll leave them in for now.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2404493866