On Wed, 18 Mar 2026 12:54:40 GMT, Daniel Jeliński <[email protected]> wrote:

> Redo of #27343:
> 
>> TLS 1.3 changed the way it generates the FFDHE shared secret. In TLS 1.2, 
>> the leading zeroes in the shared secret were stripped, and in TLS 1.3 the 
>> leading zeroes are preserved.
> 
>> Thanks to the recent work in 
>> [JDK-8189441](https://bugs.openjdk.org/browse/JDK-8189441), we now have a 
>> new algorithm name Generic that can be used to generate a shared secret with 
>> the leading zeroes preserved.
> 
>> This PR changes the TLS 1.3 handshake to use the new algorithm name.
> 
> Compared to the original PR, a new system property 
> `jdk.tls.t13KeyDerivationAlgorithm` was introduced as a stop-gap solution for 
> deployments using third-party JCE providers that do not implement `Generic` 
> keys yet. Like other `jdk.tls` properties introduced for maintaining 
> compatibility, this property is not documented other than a mention in a 
> release note.
> 
> No new tests. The fix was verified with tlsfuzzer as described in JBS.

Changes look good.

-------------

Marked as reviewed by hchao (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/30296#pullrequestreview-4019663715
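
The encoding difference described in the quoted PR text, as an added example that is not part of the original message or the JDK change. It uses a constructed toy prime and hypothetical helper names, and searches for a key pair whose shared secret has a leading zero byte, so that the TLS 1.2 style (stripped, RFC 5246 section 8.1.2) and TLS 1.3 style (padded, RFC 8446 section 7.4.1) encodings differ and feed different input into HKDF-Extract.

```python
import hashlib
import hmac

# Toy group, constructed for illustration only: 2**127 - 1 is prime but far
# too small for real use. TLS uses the RFC 7919 ffdhe groups.
P = 2**127 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8  # 16 bytes

def shared_secret(priv: int, peer_pub: int) -> int:
    return pow(peer_pub, priv, P)

def encode_tls12(z: int) -> bytes:
    """TLS 1.2 style: leading zero bytes of the shared secret are stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")

def encode_tls13(z: int) -> bytes:
    """TLS 1.3 style: shared secret is left-padded to the length of the prime."""
    return z.to_bytes(P_LEN, "big")

def extract(ikm: bytes, salt: bytes = b"\x00" * 32) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256; the salt is a placeholder value."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def find_short_secret(server_priv: int, start: int = 2):
    """First client private key whose shared secret has a zero top byte."""
    server_pub = pow(G, server_priv, P)
    x = start
    while True:
        z = shared_secret(x, server_pub)
        if z >> (8 * (P_LEN - 1)) == 0:
            return x, z
        x += 1

def demo(server_priv: int = 0x1234567890ABCDEF) -> dict:
    client_priv, z = find_short_secret(server_priv)
    client_pub = pow(G, client_priv, P)
    # Both peers compute the same integer; only the byte encoding differs.
    assert shared_secret(server_priv, client_pub) == z
    padded, stripped = encode_tls13(z), encode_tls12(z)
    return {
        "padded": padded,
        "stripped": stripped,
        "keys_match": extract(padded) == extract(stripped),
    }

if __name__ == "__main__":
    result = demo()
    print(len(result["padded"]), len(result["stripped"]), result["keys_match"])
```

A peer that strips the zeros while the other pads them derives a different handshake secret only for these short shared secrets, which is why the mismatch appears as an intermittent handshake failure rather than a consistent one.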
