On Wed, 17 Sep 2025 12:15:10 GMT, Daniel Jeliński <[email protected]> wrote:
> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, the
> leading zeroes in the shared secret were stripped, and in TLS 1.3 the leading
> zeroes are preserved.
>
> Thanks to the recent work in
> [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a new
> algorithm name `Generic` that can be used to generate a shared secret with
> the leading zeroes preserved.
>
> This PR changes the TLS 1.3 handshake to use the new algorithm name. It also
> fixes a bug in PKCS11 Generic key derivation, and updates the existing tests
> to verify that the Generic algorithm doesn't strip leading zeroes.
>
> I didn't add any tests to verify the correctness of the handshake. This can
> be verified using tlsfuzzer, see JBS for details.
>
> Tier1-3 tests continue to pass. The `TestLeadingZeroesP11.java` test fails
> before the `P11KeyAgreement.java` changes, passes after.

On second thought, I'll move the PKCS11 changes to a separate issue.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/27343#issuecomment-3334619347
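
The encoding difference described in the quoted PR text, shown as an added Java example that is not part of this message or of the JDK change. It uses plain `BigInteger` arithmetic over a constructed 256-bit toy group (not an RFC 7919 group); the class and helper names are hypothetical, and SHA-256 stands in for the key schedule.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Random;

public class FfdheSecretEncoding {
    // TLS 1.3 (RFC 8446, section 7.4.1): big-endian, left-padded with zeros
    // to the byte length of the prime.
    static byte[] encodeTls13(BigInteger z, BigInteger p) {
        int len = (p.bitLength() + 7) / 8;
        byte[] raw = z.toByteArray();            // may be short or carry a sign byte
        byte[] out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return out;
    }

    // TLS 1.2 (RFC 5246, section 8.1.2): leading all-zero bytes are stripped.
    static byte[] encodeTls12(BigInteger z, BigInteger p) {
        byte[] padded = encodeTls13(z, p);
        int i = 0;
        while (i < padded.length - 1 && padded[i] == 0) i++;
        return Arrays.copyOfRange(padded, i, padded.length);
    }

    static String sha256Hex(byte[] in) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(in);
        return String.format("%064x", new BigInteger(1, d));
    }

    public static void main(String[] args) throws Exception {
        Random rnd = new Random(1);              // fixed seed: constructed demo values only
        BigInteger p = BigInteger.probablePrime(256, rnd);
        BigInteger g = BigInteger.valueOf(2);
        BigInteger serverPub = g.modPow(new BigInteger(255, rnd), p);
        // About 1 in 256 exchanges yields a secret whose top byte is zero;
        // keep drawing client keys until one does.
        for (int tries = 1; ; tries++) {
            BigInteger z = serverPub.modPow(new BigInteger(255, rnd), p);
            byte[] v13 = encodeTls13(z, p);
            if (v13[0] != 0) continue;
            byte[] v12 = encodeTls12(z, p);
            System.out.println("found after " + tries + " key pairs");
            System.out.println("TLS 1.3 input: " + v13.length + " bytes, " + sha256Hex(v13));
            System.out.println("TLS 1.2 input: " + v12.length + " bytes, " + sha256Hex(v12));
            break;
        }
    }
}
```

Because the two encodings differ only for the small fraction of secrets with a leading zero byte, an endpoint that strips zeroes in TLS 1.3 fails only intermittently, which is why a targeted tool such as tlsfuzzer is the practical check.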
