On Tue, 13 May 2025 05:32:34 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
>> respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
>> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
>> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Missed one review comment
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1682:
> 1680: // ...now the final expand.
> 1681: return (deriveKey ?
> 1682: hkdf.deriveKey("TlsExporterKeyingMaterial",
Using a registered algorithm will make this method work, but I'm not sure if
the resulting key can be used further. Do you know any typical use cases for
the EKM?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086854025
