-
Sub-task
-
Resolution: Delivered
-
P4
-
11.0.10-oracle, 13
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8261189 | 11.0.10-oracle | Clifford Wayne | P4 | Closed | Delivered |
The named elliptic curve groups `x25519` and `x448` are now available for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being the most preferred of the default enabled named groups. The default ordered list is now:
```
x25519, secp256r1, secp384r1, secp521r1, x448,
sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1,
secp256k1,
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
```
The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
```
x25519, secp256r1, secp384r1, secp521r1, x448,
sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1,
secp256k1,
ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
```
The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
- backported by
-
JDK-8261189 Release Note: Support for X25519 and X448 in TLS
-
- Closed
-