
expose negotiated TLS 1.3 namedgroup in TlsContext / SecurityParameters

Open jschauma opened this issue 6 months ago • 3 comments

It can be desirable for the TLS server to know which NamedGroup was negotiated for a given connection. I don't believe there currently exists a way to extract this information from a TlsContext.

For this, it might be useful to add a SecurityParameters.getNegotiatedGroup() similar to SecurityParameters.getNegotiatedVersion() or SecurityParameters.getCipherSuite().

jschauma avatar Jun 27 '25 01:06 jschauma

I am also interested in having this information available for PQC tracking of TLS connections for client and server. @peterdettman Let me know when there is help needed for this enhancement.

theobisproject avatar Nov 29 '25 21:11 theobisproject

Added SecurityParameters.getNegotiatedGroup() as requested. Currently only set for TLS 1.3.

peterdettman avatar Dec 03 '25 16:12 peterdettman
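
A sketch of how a server built on the low-level `org.bouncycastle.tls` API could read the new accessor once the handshake completes, for the PQC tracking use case mentioned above. This is an added example, not code from the bc-java project; the class name is hypothetical, and it assumes `getNegotiatedGroup()` returns the `int` code point used by the `NamedGroup` constants and that the BC version in use defines the hybrid ML-KEM groups shown.

```java
import java.io.IOException;

import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.crypto.TlsCrypto;

// Hypothetical subclass (illustrative name) that records the key-exchange group of
// each completed handshake. Credential overrides (e.g. getRSASignerCredentials())
// are unchanged from whatever the existing server already uses.
public class GroupAuditingTlsServer extends DefaultTlsServer
{
    public GroupAuditingTlsServer(TlsCrypto crypto)
    {
        super(crypto);
    }

    @Override
    public void notifyHandshakeComplete() throws IOException
    {
        super.notifyHandshakeComplete();

        SecurityParameters sp = context.getSecurityParametersConnection();
        ProtocolVersion version = sp.getNegotiatedVersion();

        // Per the comment above, the group is currently only set for TLS 1.3.
        if (!ProtocolVersion.TLSv13.equals(version))
        {
            System.out.println("tls version=" + version + " group=unavailable");
            return;
        }

        // Assumption: the accessor returns a NamedGroup code point as an int.
        int group = sp.getNegotiatedGroup();
        boolean hybridPqc = group == NamedGroup.X25519MLKEM768
            || group == NamedGroup.SecP256r1MLKEM768
            || group == NamedGroup.SecP384r1MLKEM1024;

        System.out.println("tls version=" + version
            + " suite=0x" + Integer.toHexString(sp.getCipherSuite())
            + " group=" + NamedGroup.getText(group)
            + " hybridPqc=" + hybridPqc);
    }
}
```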

I'm trying to figure out how to access the SecurityParameters from an SSLEngine. There is obviously no standard API from the JDK, but I also found no way to access it from the ProvSSLEngine object (hoping I haven't overlooked something obvious). If this is currently not possible, could this information be made available via the SSLEngine implementation?

theobisproject avatar Dec 06 '25 19:12 theobisproject