JDK-8281236 : (D)TLS key exchange named groups
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2022-02-03
  • Updated: 2024-02-20
  • Resolved: 2022-12-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 20
20 b27Fixed
Related Reports
CSR :  
JDK-8291950 - (D)TLS key exchange named groups
Duplicate :  
JDK-8229720 - New JSSE APIs to configure named groups and signature algorithms
Relates :  
JDK-8326317 - HttpClient: Utils.copySSLParameters() should consider the signatureSchemes and namedGroups of the SSLParameters
Sub Tasks
JDK-8291975 :  
Release Note: (D)TLS Key Exchange Named Groups - Resolved
Description
In a (D)TLS connection, the client and server may support different key exchange algorithms and groups. . (D)TLS specifications (see RFC 8446 and RFC 5246) define the procedure to negotiate the key exchange algorithms and groups during handshaking.

In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, JDK implemented the procedure and essential groups. And in JDK-8148516, in order to configure the default JDK key exchange algorithms and groups, the "jdk.tls.namedGroups" System Property was added.

Rather than using the provider default  values, applications may want to customize the key exchange algorithms and groups for individual connections,  for fine control of the security properties. New APIs are need to support this flexibility.
Comments
Changeset: 5d4c71c8 Author: Xue-Lei Andrew Fan <xuelei@openjdk.org> Date: 2022-12-07 20:16:45 +0000 URL: https://git.openjdk.org/jdk/commit/5d4c71c8bd361af78c90777f17b79e95d8eb5afe
07-12-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9776 Date: 2022-08-05 14:57:45 +0000
06-08-2022