RFR: 8328046: Need to keep leading zeros in TlsPremasterSecret of TLS1.3 DHKeyAgreement [v5]

Hai-May Chao hchao at openjdk.org
Thu Jan 22 19:05:59 UTC 2026


On Thu, 22 Jan 2026 18:52:21 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

>> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, the leading zeroes in the shared secret were stripped, and in TLS 1.3 the leading zeroes are preserved.
>> 
>> Thanks to the recent work in [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a new algorithm name `Generic` that can be used to generate a shared secret with the leading zeroes preserved.
>> 
>> This PR changes the TLS 1.3 handshake to use the new algorithm name.
>> 
>> I didn't add any tests to verify the correctness of the handshake. This can be verified using tlsfuzzer, see JBS for details.
>> 
>> Tier1-3 tests continue to pass.
>
> Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update copyright

Looks good. Thanks.

-------------

Marked as reviewed by hchao (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/27343#pullrequestreview-3694051055
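
The encoding difference described in the quoted pull request text, shown as an added example that is not part of the original e-mail or of the JDK change. It assumes a constructed toy group (the Mersenne prime 2**127 - 1 with generator 3) and hypothetical helper names; the stripping and padding rules are those of RFC 5246 section 8.1.2 and RFC 8446 section 7.4.1.

```python
import hashlib

# Constructed toy group so the example runs instantly: the Mersenne prime
# 2**127 - 1 with generator 3. Real TLS uses the RFC 7919 ffdhe groups.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8  # 16 bytes


def private_key(label: str) -> int:
    """Deterministic constructed private exponent in [2, P-2]."""
    digest = hashlib.sha256(label.encode()).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


def shared_secret(own_private: int, peer_public: int) -> int:
    """Plain finite-field DH: Z = peer_public ** own_private mod P."""
    return pow(peer_public, own_private, P)


def encode_tls12(z: int) -> bytes:
    """RFC 5246 section 8.1.2: leading zero bytes of Z are stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")


def encode_tls13(z: int) -> bytes:
    """RFC 8446 section 7.4.1: Z is left-padded with zeros to the prime size."""
    return z.to_bytes(P_LEN, "big")


def find_short_secret(limit: int = 100_000):
    """Search constructed key pairs until Z has at least one leading zero byte."""
    client = private_key("client")
    client_pub = pow(G, client, P)
    for i in range(limit):
        server = private_key(f"server-{i}")
        server_pub = pow(G, server, P)
        z = shared_secret(client, server_pub)
        assert z == shared_secret(server, client_pub)  # both sides agree on Z
        if z < 1 << (8 * (P_LEN - 1)):
            return i, z
    raise RuntimeError("no short secret found within limit")


if __name__ == "__main__":
    i, z = find_short_secret()
    print(f"pair {i}: TLS 1.2 input is {len(encode_tls12(z))} bytes, "
          f"TLS 1.3 input is {len(encode_tls13(z))} bytes")
```

With the RFC 7919 groups the two encodings differ for roughly one shared secret in 256, so an endpoint that strips zeros in TLS 1.3 fails only intermittently and needs a targeted test to catch.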