On Fri, 3 Oct 2025 17:20:32 GMT, Bernd <[email protected]> wrote: >> Implement hybrid key exchange support for TLS 1.3 by adding three >> post-quantum hybrid named groups: X25519MLKEM768, SecP256r1MLKEM768, and >> SecP384r1MLKEM1024. >> Please see [JEP 527](https://openjdk.org/jeps/527) for details about this >> change. > > src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 802: > >> 800: FFDHE_3072, >> 801: FFDHE_4096, >> 802: FFDHE_6144, > > Unrelated change?
No, the choise to knock out ffdhe6144 and 8192 from the default list was done on purpose. I don't think they get much use and they can always be re-enabled via SSLParameters or the system property. We're open to feedback on this if you or others feel like they should remain in place, though. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/27614#discussion_r2402940752
