-
Type:
Bug
-
Resolution: Not an Issue
-
Priority:
P3
-
Affects Version/s: 15
-
Component/s: security-libs
Explicitly provided key agreement group name fails for TLSv1.2 and below which is different from signature key.
Example failing test case (it works fine for TLSv1.3):
Protocol: "TLSv1.2"
KeyType: ecdsa_sha256 with Curve: prime256v1
Cipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
System.setProperty("jdk.tls.namedGroups", "X25519"); // The same failure happens for ffdhe too.
Example failing test case (it works fine for TLSv1.3):
Protocol: "TLSv1.2"
KeyType: ecdsa_sha256 with Curve: prime256v1
Cipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
System.setProperty("jdk.tls.namedGroups", "X25519"); // The same failure happens for ffdhe too.