[jdk8u-dev] RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Andrew John Hughes
andrew at openjdk.org
Thu Jun 1 17:38:06 UTC 2023
On Thu, 4 May 2023 17:51:40 GMT, Ekaterina Vergizova <evergizova at openjdk.org> wrote:
> I'd like to backport JDK-8139348 to 8u for parity with Oracle 8u351.
> CSR JDK-8262273 is approved for 8-pool.
>
> 11u patch doesn't apply cleanly, some tests need to be adjusted:
> - jdk/test/sun/security/krb5/auto/NewSalt.java
> - copyright years adjusted
> - "default_tgs_enctypes=aes128-sha1" changed to "default_tgs_enctypes=aes128-cts" since aes128-sha1 alias is not supported in 8u (JDK-8014628 is not backported to 8u)
> - jdk/test/sun/security/krb5/auto/W83.java
> - copyright years adjusted
> - compile tag hunk applied manually due to context difference
> - jdk/test/sun/security/krb5/etype/WeakCrypto.java
> - bug tag hunk applied manually due to context difference
> - List.of replaced with Arrays.asList
> - test/jdk/sun/security/krb5/tools/KtabCheck.java changes applied to jdk/test/sun/security/krb5/tools/ktcheck.sh (JDK-8180569 is not backported to 8u)
> - additionally, aes128-sha2 (19) values are removed since it is not supported in 8u (JDK-8014628 is not in 8u)
> - jdk/test/sun/security/krb5/tools/onlythree.conf
> - aes128-sha2 removed from default_tkt_enctypes since it is not supported in 8u (JDK-8014628 is not in 8u)
>
> Tested with jdk_security and tier1, no regressions.
No problem, sorry for the delay. I only just saw this today.
I've approved the bug. If you integrate, I can sponsor the commit and we can get this one in. Thanks for the backport :)
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/312#issuecomment-1572509123
More information about the jdk8u-dev
mailing list