KRB5 (was Re: Code Review Request: TLS 1.3 Implementation)

Weijun Wang weijun.wang at oracle.com
Thu Jun 7 14:41:01 UTC 2018


Please take a review

  http://cr.openjdk.java.net/~weijun/9999999/webrev.more-krb5-cleanup/

--Max


> On Jun 7, 2018, at 10:24 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> > Yes, please KRB5 cipher suite from the supported list.
> Typo: Yes, please remove KRB5 cipher suite from the supported list.
> 
> On 6/7/2018 7:23 AM, Xuelei Fan wrote:
>> Yes, please KRB5 cipher suite from the supported list.
>> For the public APIs part, please leave it as it is before we deprecate the specification.  Some other JSSE provider might still support KRB5 cipher suites.
>> Xuelei
>> On 6/7/2018 1:45 AM, Weijun Wang wrote:
>>> And there are the Kerberos word in public APIs:
>>> 
>>> share/classes/javax/net/ssl/SSLContext.java
>>> 336:     * Some cipher suites (such as Kerberos) require remote hostname
>>> 366:     * Some cipher suites (such as Kerberos) require remote hostname
>>> 
>>> share/classes/javax/net/ssl/HttpsURLConnection.java
>>> 106:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>> 130:     * such as Kerberos.
>>> 134:     * KerberosPrincipal for Kerberos cipher suites.
>>> 158:     * return null for non-certificate based ciphersuites, such as Kerberos.
>>> 162:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>> 
>>> share/classes/javax/net/ssl/SSLContextSpi.java
>>> 90:     * Some cipher suites (such as Kerberos) require remote hostname
>>> 110:     * Some cipher suites (such as Kerberos) require remote hostname
>>> 
>>> share/classes/javax/net/ssl/SSLEngine.java
>>> 395:     * Some cipher suites (such as Kerberos) require remote hostname
>>> 397:     * constructor to use Kerberos.
>>> 
>>> share/classes/javax/net/ssl/SSLSession.java
>>> 221:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>> 264:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>> 295:     * KerberosPrincipal for Kerberos cipher suites.
>>> 313:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>> 
>>> share/classes/javax/net/ssl/HandshakeCompletedEvent.java
>>> 122:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>> 145:     * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>> 178:     * KerberosPrincipal for Kerberos cipher suites.
>>> 208:     * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>> 
>>> --Max
>>> 
>>>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>> 
>>>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc in CipherSuite.java. Shall I also remove them.
>>>> 
>>>> Thanks
>>>> Max
>>>> 
>>> 



More information about the security-dev mailing list