KRB5 (was Re: Code Review Request: TLS 1.3 Implementation)

Xuelei Fan xuelei.fan at oracle.com
Thu Jun 7 14:23:32 UTC 2018 

Yes, please KRB5 cipher suite from the supported list.

For the public APIs part, please leave it as it is before we deprecate 
the specification.  Some other JSSE provider might still support KRB5 
cipher suites.

Xuelei

On 6/7/2018 1:45 AM, Weijun Wang wrote:
> And there are the Kerberos word in public APIs:
> 
> share/classes/javax/net/ssl/SSLContext.java
> 336:     * Some cipher suites (such as Kerberos) require remote hostname
> 366:     * Some cipher suites (such as Kerberos) require remote hostname
> 
> share/classes/javax/net/ssl/HttpsURLConnection.java
> 106:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
> 130:     * such as Kerberos.
> 134:     * KerberosPrincipal for Kerberos cipher suites.
> 158:     * return null for non-certificate based ciphersuites, such as Kerberos.
> 162:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
> 
> share/classes/javax/net/ssl/SSLContextSpi.java
> 90:     * Some cipher suites (such as Kerberos) require remote hostname
> 110:     * Some cipher suites (such as Kerberos) require remote hostname
> 
> share/classes/javax/net/ssl/SSLEngine.java
> 395:     * Some cipher suites (such as Kerberos) require remote hostname
> 397:     * constructor to use Kerberos.
> 
> share/classes/javax/net/ssl/SSLSession.java
> 221:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
> 264:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
> 295:     * KerberosPrincipal for Kerberos cipher suites.
> 313:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
> 
> share/classes/javax/net/ssl/HandshakeCompletedEvent.java
> 122:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
> 145:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
> 178:     * KerberosPrincipal for Kerberos cipher suites.
> 208:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
> 
> --Max
> 
>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc in CipherSuite.java. Shall I also remove them.
>>
>> Thanks
>> Max
>>
>

More information about the security-dev mailing list