RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Sean Mullan
mullan at openjdk.java.net
Wed Feb 24 21:36:41 UTC 2021
On Wed, 24 Feb 2021 01:38:07 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the DES-based etypes deprecated long ago).
Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
test/jdk/sun/security/krb5/auto/NewSalt.java line 26:
> 24: /*
> 25: * @test
> 26: * @bug 6960894 8194486 8139348
I don't know if there are any rules or best practices about this, but I usually don't put a bugid on a test if it isn't specifically testing what this bug is about.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2701
More information about the security-dev
mailing list