JDK-8291975 : Release Note: (D)TLS key exchange named groups
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2022-08-05
  • Updated: 2022-12-07
  • Resolved: 2022-12-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 20
20Resolved
Description
New Java SE APIs, `javax.net.ssl.getNamedGroups()` and `javax.net.ssl.setNamedGroups()`, have been added to allow applications to customize the named groups of key exchange algorithms used in individual TLS or DTLS connections.

Note that the underlying provider may define the default named groups for each TLS or DTLS connection. Applications may also use the existing "jdk.tls.namedGroups" system property to customize the provider-specific default named groups. If not `null`, the named groups passed to the `setNamedGroups()` method will override the default named groups for the specified TLS or DTLS connections.

Note that a provider may not have been updated to support the new APIs and in that case may ignore the named groups that are set. The JDK `SunJSSE` provider supports this method. It is recommended that 3rd party providers add support for these methods when they add support for JDK 19 or later releases.