On Fri, 27 Mar 2026 18:09:17 GMT, Daniel Jeliński <[email protected]> wrote:
>> Redo of #27343:
>>
>>> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2,
>>> the leading zeroes in the shared secret were stripped, and in TLS 1.3 the
>>> leading zeroes are preserved.
>>
>>> Thanks to the recent work in
>>> [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a
>>> new algorithm name Generic that can be used to generate a shared secret
>>> with the leading zeroes preserved.
>>
>>> This PR changes the TLS 1.3 handshake to use the new algorithm name.
>>
>> Compared to the original PR, a new system property
>> `jdk.tls.t13KeyDerivationAlgorithm` was introduced as a stop-gap solution
>> for deployments using third-party JCE providers that do not implement
>> `Generic` keys yet. Like other `jdk.tls` properties introduced for
>> maintaining compatibility, this property is not documented other than a
>> mention in a release note.
>>
>> No new tests. The fix was verified with tlsfuzzer as described in JBS.
>
> Daniel Jeliński has updated the pull request with a new target base due to a
> merge or a rebase. The pull request now contains three commits:
>
> - Merge branch 'master' into redo-ffdhe
> - Add a system property to configure the algorithm name
> - Reapply "8328046: Need to keep leading zeros in TlsPremasterSecret of
>   TLS1.3 DHKeyAgreement"
>
> This reverts commit 511b3eb296376ed06b980ac8af92016e5854b7d9.

Marked as reviewed by hchao (Reviewer).

-------------

PR Review: https://git.openjdk.org/jdk/pull/30296#pullrequestreview-4023852091
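
The encoding difference described in the quoted PR description, as an added example that is not part of the original message or of the JDK change: it searches a constructed toy DH group for a shared secret with a leading zero byte and shows that the stripped (TLS 1.2) and padded (TLS 1.3) encodings feed different input into HKDF-Extract. The group parameters, the fixed private key, the all-zero salt and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy group, NOT an RFC 7919 FFDHE group: p = 2^31 - 1, g = 7.
P = 2**31 - 1
G = 7
P_LEN = (P.bit_length() + 7) // 8  # size of the prime in bytes (4)

def shared_secret_tls13(z: int) -> bytes:
    """RFC 8446 7.4.1: big-endian Z, left-padded with zeros to the prime size."""
    return z.to_bytes(P_LEN, "big")

def shared_secret_tls12(z: int) -> bytes:
    """RFC 5246 8.1.2: leading all-zero bytes of Z are stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def find_short_secret(a: int = 65537, limit: int = 1_000_000):
    """Try peer private keys b until Z = g^(ab) mod p has a leading zero byte."""
    pub_a = pow(G, a, P)
    for b in range(2, limit):
        z = pow(pub_a, b, P)
        assert z == pow(pow(G, b, P), a, P)  # both sides agree on Z
        if z < 1 << (8 * (P_LEN - 1)):       # top byte of the padded form is 0
            return b, z
    raise RuntimeError("no secret with a leading zero byte found")

def demo() -> dict:
    b, z = find_short_secret()
    salt = bytes(32)  # constructed placeholder, not a real TLS 1.3 derived secret
    padded, stripped = shared_secret_tls13(z), shared_secret_tls12(z)
    return {
        "peer_private": b,
        "z": z,
        "padded": padded,
        "stripped": stripped,
        # A peer that strips zeros derives a different secret, so the
        # handshake fails only for the fraction of exchanges where Z is short.
        "hs_padded": hkdf_extract(salt, padded),
        "hs_stripped": hkdf_extract(salt, stripped),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

With this 4-byte prime roughly one exchange in 128 produces a short secret, which is why the mismatch shows up as an intermittent handshake failure and is usually found by repeated or fuzzed handshakes.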
