--- a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java	Mon Aug 12 23:37:48 2019 +0200
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java	Mon Aug 12 21:36:29 2019 -0700
@@ -38,6 +38,7 @@
 import java.security.SignatureException;
 import java.text.MessageFormat;
 import java.util.Locale;
+import sun.security.ssl.NamedGroup.NamedGroupSpec;
 import sun.security.ssl.SSLHandshake.HandshakeMessage;
 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
 import sun.security.ssl.X509Authentication.X509Credentials;
@@ -110,13 +111,18 @@
 
             // Find the NamedGroup used for the ephemeral keys.
             namedGroup = namedGroupPossession.getNamedGroup();
+            if ((namedGroup == null) || (!namedGroup.isAvailable)) {
+                // unlikely
+                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+                    "Missing or improper named group: " + namedGroup);
+            }
+
             publicPoint = namedGroup.encodePossessionPublicKey(
                     namedGroupPossession);
-
-            if ((namedGroup == null) || (namedGroup.oid == null) ) {
+            if (publicPoint == null) {
                 // unlikely
                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
-                    "Missing Named Group");
+                    "Missing public point for named group: " + namedGroup);
             }
 
             if (x509Possession == null) {
@@ -130,6 +136,7 @@
                 Signature signer = null;
                 if (useExplicitSigAlgorithm) {
                     signatureScheme = SignatureScheme.getPreferableAlgorithm(
+                            shc.algorithmConstraints,
                             shc.peerRequestedSignatureSchemes,
                             x509Possession,
                             shc.negotiatedProtocol);