KRB5 (was Re: Code Review Request: TLS 1.3 Implementation)
Xuelei Fan
xuelei.fan at oracle.com
Thu Jun 7 14:24:56 UTC 2018
> Yes, please KRB5 cipher suite from the supported list.
Typo: Yes, please remove KRB5 cipher suite from the supported list.
On 6/7/2018 7:23 AM, Xuelei Fan wrote:
> Yes, please KRB5 cipher suite from the supported list.
>
> For the public APIs part, please leave it as it is before we deprecate
> the specification. Some other JSSE provider might still support KRB5
> cipher suites.
>
> Xuelei
>
> On 6/7/2018 1:45 AM, Weijun Wang wrote:
>> And there are the Kerberos word in public APIs:
>>
>> share/classes/javax/net/ssl/SSLContext.java
>> 336: * Some cipher suites (such as Kerberos) require remote hostname
>> 366: * Some cipher suites (such as Kerberos) require remote hostname
>>
>> share/classes/javax/net/ssl/HttpsURLConnection.java
>> 106: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 130: * such as Kerberos.
>> 134: * KerberosPrincipal for Kerberos cipher suites.
>> 158: * return null for non-certificate based ciphersuites, such as
>> Kerberos.
>> 162: * KerberosPrincipal for Kerberos cipher suites. If no
>> principal was
>>
>> share/classes/javax/net/ssl/SSLContextSpi.java
>> 90: * Some cipher suites (such as Kerberos) require remote hostname
>> 110: * Some cipher suites (such as Kerberos) require remote hostname
>>
>> share/classes/javax/net/ssl/SSLEngine.java
>> 395: * Some cipher suites (such as Kerberos) require remote hostname
>> 397: * constructor to use Kerberos.
>>
>> share/classes/javax/net/ssl/SSLSession.java
>> 221: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 264: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 295: * KerberosPrincipal for Kerberos cipher suites.
>> 313: * KerberosPrincipal for Kerberos cipher suites. If no
>> principal was
>>
>> share/classes/javax/net/ssl/HandshakeCompletedEvent.java
>> 122: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 145: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 178: * KerberosPrincipal for Kerberos cipher suites.
>> 208: * KerberosPrincipal for Kerberos cipher suites. If no
>> principal was
>>
>> --Max
>>
>>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>
>>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc
>>> in CipherSuite.java. Shall I also remove them.
>>>
>>> Thanks
>>> Max
>>>
>>
More information about the security-dev
mailing list