RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v5]
Hai-May Chao
hchao at openjdk.org
Wed Oct 15 06:48:56 UTC 2025
On Tue, 14 Oct 2025 23:02:01 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Fix typo in NamedGroup test
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 239:
>
>> 237: "DH"),
>> 238:
>> 239: SecP256r1MLKEM768(0x11eb, "SecP256r1MLKEM768",
>
> Nit: the rest of named groups in this file are all upper-cased.
Changed hybrid groups to upper-case.
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 577:
>
>> 575: // Both peers perform similar operations: generate a public key,
>> 576: // send it, and compute a shared secret upon receiving the peer's
>> 577: // public key.
>
> Nit: We use both `public key` and `key share` in this comment when describing Traditional Key Agreement. I think we should use only `key share` (as in RFC 8446) when describing a traditional key exchange to avoid any confusion with KEM's public key.
Fixed the comment.
> src/java.base/share/classes/sun/security/ssl/ServerHello.java line 583:
>
>> 581: // However, this is changed for KEM: the server (as encapsulator)
>> 582: // must perform both actions — derive the secret and generate the
>> 583: // encapsulated message at the same time during SHKeyShareProducer.
>
> Nit: `during SHKeyShareProducer` doesn't seem gramatically correct, did you mean `during encapsulation in SHKeyShareProducer`?
Yes, comment updated.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2431296914
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2431297802
PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2431297470
More information about the security-dev
mailing list