RFR 8177291: [doc] weak algorithms and crypto policy in JGSS docs

Weijun Wang weijun.wang at oracle.com
Mon Apr 3 14:44:15 UTC 2017

On 04/03/2017 09:35 PM, Sean Mullan wrote:
> Hi Max,
> Just a few comments:
> "The DES based encryption types (including des-cbc-md5 and des-cbc-crc)
> are disabled by default."
> Was this in the 8.0 release?

Yes. https://bugs.openjdk.java.net/browse/JDK-8012679.

> "First, you need to update to use the KDC that supports the required
> Kerberos encryption types, such as latest Solaris or the MIT Kerberos
> from MIT distribution. If you are using Active Directory on a Windows
> platform, the latest version also supports RC4-HMAC and AES encryption
> types."
> s/to use the KDC/the KDC/

"update the KDC that supports"? This sounds strange to me. Shall I use 
"update the KDC to support" or "update to a KDC that supports"?


More information about the security-dev mailing list