On Fri, 3 Oct 2025 17:20:04 GMT, Bernd <[email protected]> wrote:

>> Implement hybrid key exchange support for TLS 1.3 by adding three
>> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and
>> SecP384r1MLKEM1024.
>> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this
>> change.
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 906:
>
>> 904:     NamedGroup[] groups = new NamedGroup[] {
>> 905:
>> 906:         // Hybrid key agreements
>
> It feels like all the infra for X448MLKEM1024 is there, so rather than
> removing x448 from this patch, why not implement it (it’s more obvious than
> P511 Variants)

Indeed the infrastructure is there, but I don't see an IETF draft that covers that hybrid variant for TLS, nor do I see an IANA mapping for it here:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8

There needs to be a standard for TLS 1.3 backing these hybrid KEMs before we implement them.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2402875164
