Merge pull request #1875 from hwupathum/kyber_config

Change default TLS named groups

changelog.md

@@ -34,6 +34,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Fixed
 - [Fix connection getting closed by stale eviction task after it has been closed by the server](https://github.com/ballerina-platform/ballerina-library/issues/6050)
 
+## Unreleased
+
+### Added
+
+- [Supporting X25519Kyber768 key encapsulation for TLS 1.3](https://github.com/ballerina-platform/ballerina-library/issues/6200)
+
 ## [2.10.6] - 2024-02-01
 
 ### Added

native/src/main/java/io/ballerina/stdlib/http/api/HttpUtil.java

@@ -205,6 +205,9 @@ public class HttpUtil {
     private static final String IO_EXCEPTION_OCCURRED = "I/O exception occurred";
     private static final String CHUNKING_CONFIG = "chunking_config";
     private static final String ILLEGAL_FUNCTION_INVOKED = "illegal respond: response has already been sent";
+    private static final String JAVA_CONFIG_TLS_NAMED_GROUPS = "jdk.tls.namedGroups";
+    private static final String[] DEFAULT_NAMED_GROUPS = { "X25519Kyber768Draft00", "x25519", "secp256r1",
+            "secp384r1", "secp521r1" };
 
     /**
      * Set new entity to in/out request/response struct.
@@ -1845,6 +1848,9 @@ private static void evaluateProtocolField(BMap<BString, Object> protocol,
         if (!sslProtocol.isBlank()) {
             sslConfiguration.setSSLProtocol(sslProtocol);
         }
+        if (System.getProperty(JAVA_CONFIG_TLS_NAMED_GROUPS) == null) {
+            System.setProperty(JAVA_CONFIG_TLS_NAMED_GROUPS, String.join(",", DEFAULT_NAMED_GROUPS));
+        }
     }
 
     private static void evaluateCertValidationField(BMap<BString, Object> certValidation,