> Redo of #27343:
> 
>> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2,
>> the leading zeroes in the shared secret were stripped, and in TLS 1.3 the
>> leading zeroes are preserved.
> 
>> Thanks to the recent work in
>> [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a
>> new algorithm name Generic that can be used to generate a shared secret with
>> the leading zeroes preserved.
> 
>> This PR changes the TLS 1.3 handshake to use the new algorithm name.
> 
> Compared to the original PR, a new system property
> `jdk.tls.t13KeyDerivationAlgorithm` was introduced as a stop-gap solution for
> deployments using third-party JCE providers that do not implement `Generic`
> keys yet. Like other `jdk.tls` properties introduced for maintaining
> compatibility, this property is not documented other than a mention in a
> release note.
> 
> No new tests. The fix was verified with tlsfuzzer as described in JBS.

Daniel Jeliński has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains three commits:

 - Merge branch 'master' into redo-ffdhe
 - Add a system property to configure the algorithm name
 - Reapply "8328046: Need to keep leading zeros in TlsPremasterSecret of TLS1.3 DHKeyAgreement"

   This reverts commit 511b3eb296376ed06b980ac8af92016e5854b7d9.

-------------

Changes: https://git.openjdk.org/jdk/pull/30296/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=30296&range=01
  Stats: 5 lines in 1 file changed: 3 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/30296.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/30296/head:pull/30296

PR: https://git.openjdk.org/jdk/pull/30296
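
The encoding difference described in the quoted PR text, as an added example that is not part of the original message or of the JDK code: it finds a Diffie-Hellman shared secret whose top byte is zero and shows that the stripped (TLS 1.2) and padded (TLS 1.3) encodings of the same integer produce different HKDF-Extract outputs. The toy group, the exponents, the all-zero salt and every function name are assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Toy group constructed for this example (16-byte Mersenne prime), not an RFC 7919 group.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8


def encode_tls12(z: int) -> bytes:
    """TLS 1.2 premaster secret: big-endian Z with leading zero bytes stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")


def encode_tls13(z: int) -> bytes:
    """TLS 1.3 shared secret: big-endian Z left-padded with zeros to the prime's length."""
    return z.to_bytes(P_LEN, "big")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract with SHA-256, the step that consumes the (EC)DHE secret in TLS 1.3."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def find_secret_with_leading_zero(x_client: int = 0x1234567890ABCDEF) -> int:
    """Try server exponents until both sides agree on a Z whose top byte is zero."""
    y_client = pow(G, x_client, P)
    for x_server in range(2, 100_000):
        z = pow(pow(G, x_server, P), x_client, P)
        if z != pow(y_client, x_server, P):
            raise AssertionError("peers disagree on Z")
        if z < 1 << (8 * (P_LEN - 1)):
            return z
    raise RuntimeError("no suitable exponent found")


def demo() -> dict:
    z = find_secret_with_leading_zero()
    salt = bytes(32)  # constructed stand-in for the TLS 1.3 derived-secret salt
    padded, stripped = encode_tls13(z), encode_tls12(z)
    return {
        "padded_len": len(padded),
        "stripped_len": len(stripped),
        "same_integer": int.from_bytes(padded, "big") == int.from_bytes(stripped, "big"),
        "keys_match": hkdf_extract(salt, padded) == hkdf_extract(salt, stripped),
    }


if __name__ == "__main__":
    print(demo())
```

A peer that strips the zero byte derives different handshake keys from the same integer, so the failure only shows up on the handshakes where the secret happens to start with a zero byte.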
