On Tue, 13 May 2025 17:41:32 GMT, Bradford Wetmore <wetm...@openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is underway. >> >> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK >> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net >> jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto) > > Bradford Wetmore has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 16 commits: > > - Merge branch 'master' into JDK-8341346 > - Missed one review comment > - More codereview comments > - Merge branch 'master' into JDK-8341346 > - Adjustments made for JDK-8350830 > - Merge branch 'master' into JDK-8341346 > - Rework to avoid PKCS11 data extraction problems, and enhanced input > verification and unit testing > - More Codereview comments > - Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578 > for compilation) > - Add in the SharedSecrets SecretKeySpec clearing mechanism > - ... and 6 more: https://git.openjdk.org/jdk/compare/d1543429...87ad9ead src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1583: > 1581: // Calculations are primarily based on protocol version. > 1582: switch (protocolVersion) { > 1583: case TLS13: // HKDF-based Should we also handle `TLS13Plus` versions here? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2087679309
