JDK-8281236

(D)TLS key exchange algorithms

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      In a (D)TLS connection, the client and server may support different key exchange algorithms and groups. The (D)TLS specifications (see RFC 8446 and RFC 5246) define the procedure for negotiating the key exchange algorithms and groups during the handshake.

      In JEP 332: Transport Layer Security (TLS) 1.3 and the follow-on enhancements, the JDK implemented the procedure and the essential groups. In JDK-8148516, the "jdk.tls.namedGroups" System Property was added in order to configure the default JDK key exchange algorithms and groups.

      Rather than using the provider default values, applications may want to customize the key exchange algorithms and groups for individual connections, for fine control of the security properties. New APIs are needed to support this flexibility.

            People

            Assignee:
            xuelei Xuelei Fan
            Reporter:
            xuelei Xuelei Fan