JDK-8171279 : Support X25519 and X448 in TLS
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: openjdk8u272,11,13
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-12-15
  • Updated: 2021-11-30
  • Resolved: 2019-06-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14
11.0.10-oracleFixed 13 b25Fixed 14Fixed
Related Reports
CSR :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8225764 :  
Support X25519 and X448 EC curves for Diffie-Hellman in the JSSE implementation for TLS.  

The original scope of this RFE was to implement for TLSv1.3 only, since TLS 1.2 and earlier are organized very differently w.r.t. key agreement. But it appears that there could be interoperability issues if TLS 1.2/1.1/1 aren't supported (see comment below).
Fix request (11u) I would like to downport this for parity with 11.0.10-oracle. I had to do quite some adaptions: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-October/003903.html http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-November/004084.html

Fixed on TLSv1->1.3. One comment from the review thread: https://mail.openjdk.java.net/pipermail/security-dev/2019-June/020147.html RFC 8422 (Appendix B) deprecated/removed the TLS_ECDH_* ciphersuites. Our KeyManager APIs currently do not allow for selecting specific curve entries. I've made a best effort for supporting client-side ECDH, but we won't support server-side ECDH at this point. TBD if we'll add support as API changes will be necessary, and not be worth the time if no one should/will be using ECDH.

URL: http://hg.openjdk.java.net/jdk/jdk/rev/946f7f2d321c User: wetmore Date: 2019-06-13 02:00:37 +0000

I think this RFE must support RFC 8422 and add x25519/x448 to TLSv1/1.1/1.2. If you send a client hello with TLSv1.2/1.3 enabled with x25519/x448 as supported groups, and the server comes back with TLSv1.2 and x25519, the connection will fail.

We may want this feature in JDK 12.