Httpclient influences selection of key exchange algorithm

[mpfau]

Jetty version(s) 11.0.15

Java version/vendor (use: java -version) openjdk version "17.0.6"

OS type/version linux

Description We configured our server in a way that keys are exchanged with curve P-256. However, we noticed that after httpclient did a single request on the same VM, X25519 is also offered to clients.

We debugged through JDK tls code but struggle to find the shared configuration. Do you know where server/client share some state regarding which key exchange algorithms are supported?

[sbordet]

@mpfau the negotiation of the ciphers is performed by the JDK implementation, following RFC 8446, so Jetty is pretty much out of the picture here.

You don't say how you "configured our server in a way that keys are exchanged with curve P-256", so if the server offers something else, perhaps the server configuration is incorrect?

[mpfau]

@sbordet thanks for clarifying!

We set jdk.tls.namedGroups="secp256r1" in order to enforce P-256. But this is only respected until we make use of an httpclient.

We plan to upgrade to jdk20 anyway so we will do that first. Might have been fixed in JDKs TLS stack since then...

[mpfau]

Since jdk20, you can now configure the named groups via SSLParameters#setNamedGroups (override on SslContextFactory#customize). I just tested it and can confirm that this really works.

[sbordet]

@mpfau where did you set named groups? Both on the server and the client?