8281236: (D)TLS key exchange named groups

Reviewed-by: mullan
2025-08-28 15:24:43 +02:00 · 2022-12-07 20:16:45 +00:00 · 2022-12-07 20:16:45 +00:00 · 5d4c71c8bd
commit 5d4c71c8bd
parent 10356e767a
17 changed files with 806 additions and 236 deletions
--- a/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java
@ -44,7 +44,6 @@ import javax.crypto.KeyAgreement;
 import javax.crypto.SecretKey;
 import javax.net.ssl.SSLHandshakeException;
 import sun.security.ssl.NamedGroup.NamedGroupSpec;
-import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
 import sun.security.ssl.X509Authentication.X509Credentials;
 import sun.security.ssl.X509Authentication.X509Possession;
 import sun.security.ssl.XDHKeyExchange.XDHECredentials;
@ -236,7 +235,8 @@ final class ECDHKeyExchange {
            // Find most preferred EC or XEC groups
            if ((context.clientRequestedNamedGroups != null) &&
                    (!context.clientRequestedNamedGroups.isEmpty())) {
-                preferableNamedGroup = SupportedGroups.getPreferredGroup(
+                preferableNamedGroup = NamedGroup.getPreferredGroup(
+                        context.sslConfig,
                        context.negotiatedProtocol,
                        context.algorithmConstraints,
                        new NamedGroupSpec[] {
@ -244,7 +244,8 @@ final class ECDHKeyExchange {
                            NamedGroupSpec.NAMED_GROUP_XDH },
                        context.clientRequestedNamedGroups);
            } else {
-                preferableNamedGroup = SupportedGroups.getPreferredGroup(
+                preferableNamedGroup = NamedGroup.getPreferredGroup(
+                        context.sslConfig,
                        context.negotiatedProtocol,
                        context.algorithmConstraints,
                        new NamedGroupSpec[] {