On 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine
Wang Weijun
weijun.wang at oracle.com
Wed Jul 16 08:41:50 UTC 2014
Hi Xuelei
A *primitive* version of webrev available at
http://cr.openjdk.java.net/~weijun/8038089/webrev.00
Please confirm this is the way you like it.
ExternalCipherSuite is the service interface and Krb5CipherSuite implements it. It's a modification of the old Krb5Proxy but I've moved as many as Kerberos-related codes to the implementation side so it has less methods now.
Most likely we will define this new interface in a public package.
I didn't touch any core SSL classes except for ClientHandshaker and ServerHandShaker. If you think there are other places too closely connected with kerberos, please let me know.
Ideally, those
case K_KRB5: case K_KRB5_EXPORT:
Krb5Helper.doXXX(...):
should be something like
default:
getExternalHelper(keyExchange).doXXX(...)
but I guess we won't do that unless we know there will be a second implementation.
Thanks
Max
More information about the security-dev
mailing list