[jdk8u-dev] RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Andrew John Hughes
andrew at openjdk.org
Thu Jun 1 17:08:09 UTC 2023
On Thu, 4 May 2023 17:51:40 GMT, Ekaterina Vergizova <evergizova at openjdk.org> wrote:
> I'd like to backport JDK-8139348 to 8u for parity with Oracle 8u351.
> CSR JDK-8262273 is approved for 8-pool.
>
> 11u patch doesn't apply cleanly, some tests need to be adjusted:
> - jdk/test/sun/security/krb5/auto/NewSalt.java
> - copyright years adjusted
> - "default_tgs_enctypes=aes128-sha1" changed to "default_tgs_enctypes=aes128-cts" since aes128-sha1 alias is not supported in 8u (JDK-8014628 is not backported to 8u)
> - jdk/test/sun/security/krb5/auto/W83.java
> - copyright years adjusted
> - compile tag hunk applied manually due to context difference
> - jdk/test/sun/security/krb5/etype/WeakCrypto.java
> - bug tag hunk applied manually due to context difference
> - List.of replaced with Arrays.asList
> - test/jdk/sun/security/krb5/tools/KtabCheck.java changes applied to jdk/test/sun/security/krb5/tools/ktcheck.sh (JDK-8180569 is not backported to 8u)
> - additionally, aes128-sha2 (19) values are removed since it is not supported in 8u (JDK-8014628 is not in 8u)
> - jdk/test/sun/security/krb5/tools/onlythree.conf
> - aes128-sha2 removed from default_tkt_enctypes since it is not supported in 8u (JDK-8014628 is not in 8u)
>
> Tested with jdk_security and tier1, no regressions.
Changes look good to me. I'll add my usual proviso that `Arrays.asList` is modifiable while the original `List.of` method isn't, but this doesn't matter for a test that only calls three read only methods on the result.
JDK-8180569 might be worth looking at for backport, but isn't a pre-requisite for this.
Please flag with `jdk8u-fix-request` for approval.
-------------
Marked as reviewed by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk8u-dev/pull/312#pullrequestreview-1455937996
More information about the jdk8u-dev
mailing list