RFR: 8314323: Implement JEP 527: TLS 1.3 Hybrid Key Exchange [v6]

Jamil Nimeh jnimeh at openjdk.org
Thu Oct 30 15:53:56 UTC 2025


On Thu, 30 Oct 2025 15:33:17 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Revert changes to UseStrongDHSizes test as ffdhe6144/8192 added back
>>  - Updated comment in ServerHello and hybrid to upper-case in NamedGroup
>
> test/jdk/sun/security/ssl/CipherSuite/RestrictNamedGroup.java line 1:
> 
>> 1: /*
> 
> Question: does disabling "x25519" also disable "X25519MLKEM768"? It probably should not. I think both groups would need to be specified in order to disable both. Please add a test for this case.

It might depend on which level we're disabling things at.  If we're talking about knocking out x25519 in the namedGroups property, then no, it won't disable the hybrid.  The client will just choose a different key share to use with X25519MLKEM768 in the initial client hello.  I know I've tried knocking out x25519 as a disabled algorithm in the past, and I believe it will knock out the hybrid as well, since the lower-level KeyAgreement operation in the DH provider that the hybrid uses should be blocked.  I can test that again to make sure my memory is correct on that point.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2478637493

