KRB5 (was Re: Code Review Request: TLS 1.3 Implementation)

Xuelei Fan xuelei.fan at oracle.com
Thu Jun 7 14:24:56 UTC 2018


 > Yes, please KRB5 cipher suite from the supported list.
Typo: Yes, please remove KRB5 cipher suite from the supported list.

On 6/7/2018 7:23 AM, Xuelei Fan wrote:
> Yes, please KRB5 cipher suite from the supported list.
> 
> For the public APIs part, please leave it as it is before we deprecate 
> the specification.  Some other JSSE provider might still support KRB5 
> cipher suites.
> 
> Xuelei
> 
> On 6/7/2018 1:45 AM, Weijun Wang wrote:
>> And there are the Kerberos word in public APIs:
>>
>> share/classes/javax/net/ssl/SSLContext.java
>> 336:     * Some cipher suites (such as Kerberos) require remote hostname
>> 366:     * Some cipher suites (such as Kerberos) require remote hostname
>>
>> share/classes/javax/net/ssl/HttpsURLConnection.java
>> 106:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 130:     * such as Kerberos.
>> 134:     * KerberosPrincipal for Kerberos cipher suites.
>> 158:     * return null for non-certificate based ciphersuites, such as 
>> Kerberos.
>> 162:     * KerberosPrincipal for Kerberos cipher suites. If no 
>> principal was
>>
>> share/classes/javax/net/ssl/SSLContextSpi.java
>> 90:     * Some cipher suites (such as Kerberos) require remote hostname
>> 110:     * Some cipher suites (such as Kerberos) require remote hostname
>>
>> share/classes/javax/net/ssl/SSLEngine.java
>> 395:     * Some cipher suites (such as Kerberos) require remote hostname
>> 397:     * constructor to use Kerberos.
>>
>> share/classes/javax/net/ssl/SSLSession.java
>> 221:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 264:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 295:     * KerberosPrincipal for Kerberos cipher suites.
>> 313:     * KerberosPrincipal for Kerberos cipher suites. If no 
>> principal was
>>
>> share/classes/javax/net/ssl/HandshakeCompletedEvent.java
>> 122:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 145:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>> 178:     * KerberosPrincipal for Kerberos cipher suites.
>> 208:     * KerberosPrincipal for Kerberos cipher suites. If no 
>> principal was
>>
>> --Max
>>
>>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>
>>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc 
>>> in CipherSuite.java. Shall I also remove them.
>>>
>>> Thanks
>>> Max
>>>
>>


More information about the security-dev mailing list