On Fri, 5 Dec 2025 03:39:22 GMT, Hai-May Chao <[email protected]> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three >> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and >> SecP384r1MLKEM1024. >> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this >> change. > > Hai-May Chao has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 27 commits: > > - reapply changes after merge > - Merge > - backout conflict change in KeyShareExtension.java > - Updates with Weijun's comments > - Remove null check to not assume key is returned > - Updates with Brad's and Sean's comments > - Move Hybrid.java to sun.security.ssl > - Move DH.java to sun.security.ssl as DHasKEM.java > - Update names to uppercase > - Remove fallback in engineGeneratePublic > - ... and 17 more: https://git.openjdk.org/jdk/compare/7e91d34f...9c362c3e src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java line 731: > 729: nps.getName() : null; > 730: return algName != null && constraints.permits( > 731: EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), Should this be `KEY_ENCAPSULATION`? How did we test this? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2593205603
