RFR: 8139348: Deprecate 3DES and RC4 in Kerberos

Weijun Wang weijun at openjdk.java.net
Wed Feb 24 01:43:53 UTC 2021


Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the DES-based etypes deprecated long ago).

-------------

Commit messages:
 - 8139348: Deprecate 3DES and RC4 in Kerberos

Changes: https://git.openjdk.java.net/jdk/pull/2701/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=2701&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8139348
  Stats: 36 lines in 5 files changed: 7 ins; 3 del; 26 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2701.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2701/head:pull/2701

PR: https://git.openjdk.java.net/jdk/pull/2701



More information about the security-dev mailing list