JDK-8281236

(D)TLS key exchange named groups


Details

    Description

      In a (D)TLS connection, the client and server may support different key exchange algorithms and groups. The (D)TLS specifications (see RFC 8446 and RFC 5246) define the procedure to negotiate the key exchange algorithms and groups during handshaking.

      In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, the JDK implemented the procedure and essential groups. In JDK-8148516, the "jdk.tls.namedGroups" System Property was added in order to configure the default JDK key exchange algorithms and groups.

      Rather than using the provider default values, applications may want to customize the key exchange algorithms and groups for individual connections, for fine control of the security properties. New APIs are needed to support this flexibility.
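
      The two scopes described above, as an added example (not code from this issue or from the JDK sources): the JVM-wide "jdk.tls.namedGroups" default next to a per-connection override. It assumes JDK 20 or later, where `SSLParameters.setNamedGroups`/`getNamedGroups` are available; that API name does not appear on this page, and the group lists and peer host below are constructed sample values.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

public class NamedGroupsDemo {

    // Render the groups configured on an engine; null means "provider defaults".
    static String describe(SSLEngine engine) {
        String[] groups = engine.getSSLParameters().getNamedGroups();
        return groups == null ? "(provider defaults)" : Arrays.toString(groups);
    }

    public static void main(String[] args) throws Exception {
        // JVM-wide default. JSSE reads this property once when it initializes,
        // so set it before the first TLS use (or pass -Djdk.tls.namedGroups=...).
        // Constructed sample list, in preference order.
        System.setProperty("jdk.tls.namedGroups", "x25519,secp256r1,secp384r1");

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers

        // Connection A: inherits whatever the JVM-wide default allows.
        SSLEngine inherited = ctx.createSSLEngine("example.com", 443);
        inherited.setUseClientMode(true);

        // Connection B: narrowed for this connection only (assumes JDK 20+).
        SSLEngine restricted = ctx.createSSLEngine("example.com", 443);
        restricted.setUseClientMode(true);
        SSLParameters params = restricted.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3"});
        params.setNamedGroups(new String[] {"x25519"}); // only group offered
        restricted.setSSLParameters(params);

        // The override applies to connection B alone; connection A is unchanged.
        System.out.println("inherited : " + describe(inherited));
        System.out.println("restricted: " + describe(restricted));
    }
}
```

      If the peer supports none of the groups left enabled on a connection, the handshake fails rather than falling back, so a per-connection list should be checked against what the intended peers actually offer.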

            People

              xuelei Xuelei Fan