[jdk8u-dev] RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Ekaterina Vergizova
evergizova at openjdk.org
Thu May 4 17:59:07 UTC 2023
I'd like to backport JDK-8139348 to 8u for parity with Oracle 8u351.
CSR JDK-8262273 is approved for 8-pool.
11u patch doesn't apply cleanly, some tests need to be adjusted:
- jdk/test/sun/security/krb5/auto/NewSalt.java
- copyright years adjusted
- "default_tgs_enctypes=aes128-sha1" changed to "default_tgs_enctypes=aes128-cts" since aes128-sha1 alias is not supported in 8u (JDK-8014628 is not backported to 8u)
- jdk/test/sun/security/krb5/auto/W83.java
- copyright years adjusted
- compile tag hunk applied manually due to context difference
- jdk/test/sun/security/krb5/etype/WeakCrypto.java
- bug tag hunk applied manually due to context difference
- List.of replaced with Arrays.asList
- test/jdk/sun/security/krb5/tools/KtabCheck.java changes applied to jdk/test/sun/security/krb5/tools/ktcheck.sh (JDK-8180569 is not backported to 8u)
- additionally, aes128-sha2 (19) values are removed since it is not supported in 8u (JDK-8014628 is not in 8u)
- jdk/test/sun/security/krb5/tools/onlythree.conf
- aes128-sha2 removed from default_tkt_enctypes since it is not supported in 8u (JDK-8014628 is not in 8u)
Tested with jdk_security and tier1, no regressions.
-------------
Commit messages:
- Backport ded96ddcde1e9e8556a6ce8948acef27b6e192cc
Changes: https://git.openjdk.org/jdk8u-dev/pull/312/files
Webrev: https://webrevs.openjdk.org/?repo=jdk8u-dev&pr=312&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8139348
Stats: 70 lines in 7 files changed: 27 ins; 8 del; 35 mod
Patch: https://git.openjdk.org/jdk8u-dev/pull/312.diff
Fetch: git fetch https://git.openjdk.org/jdk8u-dev.git pull/312/head:pull/312
PR: https://git.openjdk.org/jdk8u-dev/pull/312
More information about the jdk8u-dev
mailing list