On Sat, 6 Dec 2025 06:12:57 GMT, Hai-May Chao <[email protected]> wrote:
>> Implement hybrid key exchange support for TLS 1.3 by adding three >> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and >> SecP384r1MLKEM1024. >> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this >> change. > > Hai-May Chao has updated the pull request incrementally with two additional > commits since the last revision: > > - Updates with Brad's and Sean's comments for new HybridProvider class > - Updates with Weijun's comments for 3rd-party provider Comments on the change to HybridProvider.java src/java.base/share/classes/sun/security/ssl/DHasKEM.java line 259: > 257: } > 258: > 259: public static class HybridService extends Provider.Service { Shouldn't this be moved to `HybridProvider.java`? src/java.base/share/classes/sun/security/ssl/HybridProvider.java line 57: > 55: // The order of shares in the concatenation for group name > 56: // X25519MLKEM768 has been reversed. This is due to IETF > 57: // historical reasons. Can we change this to something like "as per the current draft RFC?" "historical reasons" is too vague. The draft/RFC is the real reason. ------------- PR Review: https://git.openjdk.org/jdk/pull/27614#pullrequestreview-3547269198 PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2594634717 PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2594632217
