-
Sub-task
-
Resolution: Delivered
-
P3
-
20
New Java SE APIs, `javax.net.ssl.SSLParameters.getNamedGroups()` and `javax.net.ssl.SSLParameters.setNamedGroups()`, have been added to allow applications to customize the named groups of key exchange algorithms used in individual TLS or DTLS connections.
Note that the underlying provider may define the default named groups for each TLS or DTLS connection. Applications may also use the existing `jdk.tls.namedGroups` system property to customize the provider-specific default named groups. If not `null`, the named groups passed to the `setNamedGroups()` method will override the default named groups for the specified TLS or DTLS connections.
Note that a provider may not have been updated to support the new APIs and in that case may ignore the named groups that are set. The JDK `SunJSSE` provider supports this method. It is recommended that third party providers add support for these methods when they add support for JDK 19 or later releases.
Note that the underlying provider may define the default named groups for each TLS or DTLS connection. Applications may also use the existing `jdk.tls.namedGroups` system property to customize the provider-specific default named groups. If not `null`, the named groups passed to the `setNamedGroups()` method will override the default named groups for the specified TLS or DTLS connections.
Note that a provider may not have been updated to support the new APIs and in that case may ignore the named groups that are set. The JDK `SunJSSE` provider supports this method. It is recommended that third party providers add support for these methods when they add support for JDK 19 or later releases.