-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
13
-
None
RFC 8410 describes safe curves for X.509 (e.g. x25519/x448). We can parse ECDH type certificates, but they aren't used correctly because the type is unknown.
Key: algorithm = 1.3.101.110, unparsed keybits =
0000: 85 20 F0 09 89 30 A7 54 74 8B 7D DC B4 3E F7 5A . ...0.Tt....>.Z
As a result, long term ECDH keys for TLS_ECDH ciphersuites won't be be used.
There are some sample keys in RFC 8410.
Key: algorithm = 1.3.101.110, unparsed keybits =
0000: 85 20 F0 09 89 30 A7 54 74 8B 7D DC B4 3E F7 5A . ...0.Tt....>.Z
As a result, long term ECDH keys for TLS_ECDH ciphersuites won't be be used.
There are some sample keys in RFC 8410.
- relates to
-
JDK-8296300 Disable TLS_ECDH_* cipher suites
-
- Closed
-