Redo of #27343:

> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, the 
> leading zeroes in the shared secret were stripped, and in TLS 1.3 the leading 
> zeroes are preserved.

> Thanks to the recent work in 
> [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a new 
> algorithm name Generic that can be used to generate a shared secret with the 
> leading zeroes preserved.

> This PR changes the TLS 1.3 handshake to use the new algorithm name.

Compared to the original PR, a new system property 
`jdk.tls.t13KeyDerivationAlgorithm` was introduced as a stop-gap solution for 
deployments using third-party JCE providers that do not implement `Generic` 
keys yet. Like other `jdk.tls` properties introduced for maintaining 
compatibility, this property is not documented other than a mention in a 
release note.

No new tests. The fix was verified with tlsfuzzer as described in JBS.

-------------

Commit messages:
 - Add a system property to configure the algorithm name
 - Reapply "8328046: Need to keep leading zeros in TlsPremasterSecret of TLS1.3 DHKeyAgreement"

Changes: https://git.openjdk.org/jdk/pull/30296/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=30296&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8377550
  Stats: 6 lines in 1 file changed: 3 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/30296.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/30296/head:pull/30296

PR: https://git.openjdk.org/jdk/pull/30296
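
The encoding difference described in the quoted text, shown through the JCA `KeyAgreement` API as an added example (not code from this PR or from the JDK). It assumes the SunJCE DH provider and a JDK that includes JDK-8189441, so that `Generic` is accepted; the class name `FfdheSecretLength` and the helper `agree` are hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

// Added illustration; class and method names are hypothetical.
// Assumes a JDK whose DH KeyAgreement accepts "Generic" (JDK-8189441).
public class FfdheSecretLength {

    // Build a fresh agreement each time: generateSecret() resets the
    // KeyAgreement, so doPhase() must be repeated before each derivation.
    static KeyAgreement agree(KeyPair ours, KeyPair peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(ours.getPrivate());
        ka.doPhase(peer.getPublic(), true);
        return ka;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        kpg.initialize(2048);
        KeyPair ours = kpg.generateKeyPair();

        // Generate every peer key in the same group as our key.
        DHParameterSpec params = ((DHPublicKey) ours.getPublic()).getParams();
        kpg.initialize(params);
        int primeLen = (params.getP().bitLength() + 7) / 8;

        // Roughly 1 in 256 agreements produces a secret whose top byte is
        // zero; loop over peer keys until one of those cases turns up.
        for (int attempt = 1; ; attempt++) {
            KeyPair peer = kpg.generateKeyPair();
            byte[] raw = agree(ours, peer).generateSecret();
            if (raw.length == primeLen && raw[0] != 0) {
                continue; // no leading zero, both encodings are identical
            }
            int stripped = agree(ours, peer)
                    .generateSecret("TlsPremasterSecret").getEncoded().length;
            int preserved = agree(ours, peer)
                    .generateSecret("Generic").getEncoded().length;
            System.out.printf("attempt %d, prime length %d bytes%n", attempt, primeLen);
            System.out.printf("TlsPremasterSecret (TLS 1.2 rule): %d bytes%n", stripped);
            System.out.printf("Generic (TLS 1.3 rule):            %d bytes%n", preserved);
            return;
        }
    }
}
```

A peer that strips the zero bytes feeds a shorter input into the TLS 1.3 key schedule than a peer that preserves them, so the two sides derive different keys and the handshake fails only for the affected fraction of key exchanges.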
