The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
Support X25519 and X448 EC curves for Diffie-Hellman in the JSSE implementation for TLS.
The original scope of this RFE was to implement for TLSv1.3 only, since TLS 1.2 and earlier are organized very differently w.r.t. key agreement. But it appears that there could be interoperability issues if TLS 1.2/1.1/1 aren't supported (see comment below).
Fix request (11u)
I would like to downport this for parity with 11.0.10-oracle.
I had to do quite some adaptions:
Fixed on TLSv1->1.3.
One comment from the review thread:
RFC 8422 (Appendix B) deprecated/removed the TLS_ECDH_* ciphersuites. Our KeyManager APIs currently do not allow for selecting specific curve entries. I've made a best effort for supporting client-side ECDH, but we won't support server-side ECDH at this point. TBD if we'll add support as API changes will be necessary, and not be worth the time if no one should/will be using ECDH.
I think this RFE must support RFC 8422 and add x25519/x448 to TLSv1/1.1/1.2.
If you send a client hello with TLSv1.2/1.3 enabled with x25519/x448 as supported groups, and the server comes back with TLSv1.2 and x25519, the connection will fail.