JDK-8171279 : Support X25519 and X448 in TLS
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: openjdk8u272,11,13
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2016-12-15
  • Updated: 2021-09-07
  • Resolved: 2019-06-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11
11.0.10Fixed
Related Reports
CSR :  
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8225764 :  
Description
Support X25519 and X448 EC curves for Diffie-Hellman in the JSSE implementation for TLS.  

The original scope of this RFE was to implement for TLSv1.3 only, since TLS 1.2 and earlier are organized very differently w.r.t. key agreement. But it appears that there could be interoperability issues if TLS 1.2/1.1/1 aren't supported (see comment below).
Comments
Fix request (11u) I would like to downport this for parity with 11.0.10-oracle. I had to do quite some adaptions: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-October/003903.html http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2020-November/004084.html
09-11-2020

Fixed on TLSv1->1.3. One comment from the review thread: https://mail.openjdk.java.net/pipermail/security-dev/2019-June/020147.html RFC 8422 (Appendix B) deprecated/removed the TLS_ECDH_* ciphersuites. Our KeyManager APIs currently do not allow for selecting specific curve entries. I've made a best effort for supporting client-side ECDH, but we won't support server-side ECDH at this point. TBD if we'll add support as API changes will be necessary, and not be worth the time if no one should/will be using ECDH.
13-06-2019

URL: http://hg.openjdk.java.net/jdk/jdk/rev/946f7f2d321c User: wetmore Date: 2019-06-13 02:00:37 +0000
13-06-2019

I think this RFE must support RFC 8422 and add x25519/x448 to TLSv1/1.1/1.2. If you send a client hello with TLSv1.2/1.3 enabled with x25519/x448 as supported groups, and the server comes back with TLSv1.2 and x25519, the connection will fail.
21-05-2019

We may want this feature in JDK 12.
10-07-2018