JDK-8225764 : Release Note: Support for X25519 and X448 in TLS
- Type: Sub-task
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 11.0.10-oracle,13
- Priority: P4
- Status: Closed
- Resolution: Delivered
- Submitted: 2019-06-14
- Updated: 2021-02-04
- Resolved: 2019-06-18
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 |
|---|---|
| 11.0.10-oracleResolved | 13Resolved  |
Description
The named elliptic curve groups `x25519` and `x448` are now available for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being the most preferred of the default enabled named groups. The default ordered list is now:
```
x25519, secp256r1, secp384r1, secp521r1, x448,
sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1,
secp256k1,
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
```
The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
Comments
|