JDK-8171279 : Support X25519 and X448 in TLS
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-12-15
  • Updated: 2019-08-05
  • Resolved: 2019-06-13
Version table
  • JDK 13: 13 b25, Fixed
  • JDK 14: 14, Fixed
Sub Tasks
JDK-8225764 :  
Description
Support X25519 and X448 EC curves for Diffie-Hellman in the JSSE implementation for TLS.  

The original scope of this RFE was to implement this for TLSv1.3 only, since TLS 1.2 and earlier are organized very differently with respect to key agreement. But it appears that there could be interoperability issues if TLS 1.2/1.1/1 aren't supported as well (see comment below).
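The interoperability case raised in the comments below (a ClientHello that offers TLS 1.2 and 1.3 together with x25519/x448) can be checked on the wire. The following is an added example, not part of the bug report or the JDK: a Python parser that reads supported_versions and supported_groups from a ClientHello body and lists the XDH groups a server could select under TLS 1.2 or earlier. The function names and the sample bytes are constructed for illustration.

```python
import struct

XDH_GROUPS = {29: "x25519", 30: "x448"}   # IANA codepoints (RFC 8422, RFC 8446)
EXT_SUPPORTED_GROUPS, EXT_SUPPORTED_VERSIONS = 10, 43

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed TLS vector; return (payload, next_pos)."""
    n = int.from_bytes(buf[pos:pos + len_bytes], "big")
    end = pos + len_bytes + n
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos + len_bytes:end], end

def _u16_list(data):
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data) - 1, 2)]

def parse_client_hello(body):
    """Return (versions, groups) from a ClientHello body (handshake header removed)."""
    versions, groups = [int.from_bytes(body[:2], "big")], []  # legacy_version fallback
    pos = 34                          # legacy_version (2) + random (32)
    _, pos = _vec(body, pos, 1)       # session_id
    _, pos = _vec(body, pos, 2)       # cipher_suites
    _, pos = _vec(body, pos, 1)       # compression_methods
    exts = _vec(body, pos, 2)[0] if pos < len(body) else b""
    p = 0
    while p < len(exts):
        ext_type = int.from_bytes(exts[p:p + 2], "big")
        data, p = _vec(exts, p + 2, 2)
        if ext_type == EXT_SUPPORTED_GROUPS:
            groups = _u16_list(_vec(data, 0, 2)[0])
        elif ext_type == EXT_SUPPORTED_VERSIONS:
            versions = _u16_list(_vec(data, 0, 1)[0])
    return versions, groups

def xdh_groups_reachable_below_tls13(body):
    """X25519/X448 groups a server may select together with TLS 1.2 or earlier."""
    versions, groups = parse_client_hello(body)
    if not any(v <= 0x0303 for v in versions):   # 0x0303 = TLS 1.2
        return []
    return [XDH_GROUPS[g] for g in groups if g in XDH_GROUPS]

def build_sample(versions, groups):
    """Constructed ClientHello body for the demo (not a real capture)."""
    g = b"".join(struct.pack("!H", x) for x in groups)
    v = b"".join(struct.pack("!H", x) for x in versions)
    exts = struct.pack("!HHH", 10, len(g) + 2, len(g)) + g
    exts += struct.pack("!HHB", 43, len(v) + 1, len(v)) + v
    return b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
```

A non-empty result means the client must be able to complete an X25519/X448 key exchange on the TLS 1.2 (RFC 8422) path, not only on TLS 1.3.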
Comments
Fixed on TLSv1->1.3. One comment from the review thread:
https://mail.openjdk.java.net/pipermail/security-dev/2019-June/020147.html

RFC 8422 (Appendix B) deprecated/removed the TLS_ECDH_* ciphersuites. Our KeyManager APIs currently do not allow for selecting specific curve entries. I've made a best effort for supporting client-side ECDH, but we won't support server-side ECDH at this point. TBD if we'll add support as API changes will be necessary, and not be worth the time if no one should/will be using ECDH.
13-06-2019

I think this RFE must support RFC 8422 and add x25519/x448 to TLSv1/1.1/1.2. If you send a client hello with TLSv1.2/1.3 enabled with x25519/x448 as supported groups, and the server comes back with TLSv1.2 and x25519, the connection will fail.
21-05-2019

We may want this feature in JDK 12.
10-07-2018