On Thu, 1 May 2025 19:32:03 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:

>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1691:
>> 
>>> 1689:                 // ...now the final expand.
>>> 1690:                 SecretKey key = hkdf.expand(derivedSecret, hkdfInfo, 
>>> length,
>>> 1691:                         "label");
>> 
>> Are you using "label" as the algorithm name for the output?
>
> Egads...should be the label variable.  Thanks.

I don't know whether label is always a legal algorithm name. PKCS #11 is 
especially picky at new names. The KDF `deriveKey` method contains the 
algorithm as an argument.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2070833436

Reply via email to