KRB5 (was Re: Code Review Request: TLS 1.3 Implementation)
Weijun Wang
weijun.wang at oracle.com
Thu Jun 7 14:43:32 UTC 2018
Or you mean keep the definitions but move them to "known but unsupported"?
> On Jun 7, 2018, at 10:41 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>
> Please take a review
>
> http://cr.openjdk.java.net/~weijun/9999999/webrev.more-krb5-cleanup/
>
> --Max
>
>
>> On Jun 7, 2018, at 10:24 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>>> Yes, please KRB5 cipher suite from the supported list.
>> Typo: Yes, please remove KRB5 cipher suite from the supported list.
>>
>> On 6/7/2018 7:23 AM, Xuelei Fan wrote:
>>> Yes, please KRB5 cipher suite from the supported list.
>>> For the public APIs part, please leave it as it is before we deprecate the specification. Some other JSSE provider might still support KRB5 cipher suites.
>>> Xuelei
>>> On 6/7/2018 1:45 AM, Weijun Wang wrote:
>>>> And there are the Kerberos word in public APIs:
>>>>
>>>> share/classes/javax/net/ssl/SSLContext.java
>>>> 336: * Some cipher suites (such as Kerberos) require remote hostname
>>>> 366: * Some cipher suites (such as Kerberos) require remote hostname
>>>>
>>>> share/classes/javax/net/ssl/HttpsURLConnection.java
>>>> 106: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>>> 130: * such as Kerberos.
>>>> 134: * KerberosPrincipal for Kerberos cipher suites.
>>>> 158: * return null for non-certificate based ciphersuites, such as Kerberos.
>>>> 162: * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>>>
>>>> share/classes/javax/net/ssl/SSLContextSpi.java
>>>> 90: * Some cipher suites (such as Kerberos) require remote hostname
>>>> 110: * Some cipher suites (such as Kerberos) require remote hostname
>>>>
>>>> share/classes/javax/net/ssl/SSLEngine.java
>>>> 395: * Some cipher suites (such as Kerberos) require remote hostname
>>>> 397: * constructor to use Kerberos.
>>>>
>>>> share/classes/javax/net/ssl/SSLSession.java
>>>> 221: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>>> 264: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>>> 295: * KerberosPrincipal for Kerberos cipher suites.
>>>> 313: * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>>>
>>>> share/classes/javax/net/ssl/HandshakeCompletedEvent.java
>>>> 122: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>>> 145: * such as Kerberos, will throw an SSLPeerUnverifiedException.
>>>> 178: * KerberosPrincipal for Kerberos cipher suites.
>>>> 208: * KerberosPrincipal for Kerberos cipher suites. If no principal was
>>>>
>>>> --Max
>>>>
>>>>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>
>>>>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc in CipherSuite.java. Shall I also remove them.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>
>
More information about the security-dev
mailing list