[jdk8u-dev] RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Ekaterina Vergizova
evergizova at openjdk.org
Thu Jun 1 17:22:07 UTC 2023
On Thu, 1 Jun 2023 15:32:43 GMT, Andrew John Hughes <andrew at openjdk.org> wrote:
>> I'd like to backport JDK-8139348 to 8u for parity with Oracle 8u351.
>> CSR JDK-8262273 is approved for 8-pool.
>>
>> 11u patch doesn't apply cleanly, some tests need to be adjusted:
>> - jdk/test/sun/security/krb5/auto/NewSalt.java
>> - copyright years adjusted
>> - "default_tgs_enctypes=aes128-sha1" changed to "default_tgs_enctypes=aes128-cts" since aes128-sha1 alias is not supported in 8u (JDK-8014628 is not backported to 8u)
>> - jdk/test/sun/security/krb5/auto/W83.java
>> - copyright years adjusted
>> - compile tag hunk applied manually due to context difference
>> - jdk/test/sun/security/krb5/etype/WeakCrypto.java
>> - bug tag hunk applied manually due to context difference
>> - List.of replaced with Arrays.asList
>> - test/jdk/sun/security/krb5/tools/KtabCheck.java changes applied to jdk/test/sun/security/krb5/tools/ktcheck.sh (JDK-8180569 is not backported to 8u)
>> - additionally, aes128-sha2 (19) values are removed since it is not supported in 8u (JDK-8014628 is not in 8u)
>> - jdk/test/sun/security/krb5/tools/onlythree.conf
>> - aes128-sha2 removed from default_tkt_enctypes since it is not supported in 8u (JDK-8014628 is not in 8u)
>>
>> Tested with jdk_security and tier1, no regressions.
>
> Yes, I'll take a look. As Severin says, I was planning to do this one too, so thanks for taking it on.
Thanks for the review, @gnu-andrew!
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/312#issuecomment-1572476834
More information about the jdk8u-dev
mailing list