On Thu, 1 May 2025 19:32:03 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1691:
>>
>>> 1689: // ...now the final expand.
>>> 1690: SecretKey key = hkdf.expand(derivedSecret, hkdfInfo, length,
>>> 1691: "label");
>>
>> Are you using "label" as the algorithm name for the output?
>
> Egads...should be the label variable. Thanks.

I don't know whether label is always a legal algorithm name. PKCS #11 is especially picky about new names. The KDF `deriveKey` method contains the algorithm as an argument.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2070833436