RFR: 8139348: Deprecate 3DES and RC4 in Kerberos

Weijun Wang weijun at openjdk.java.net
Wed Feb 24 21:40:45 UTC 2021


On Wed, 24 Feb 2021 21:28:41 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the DES-based etypes deprecated long ago).
>
> test/jdk/sun/security/krb5/auto/NewSalt.java line 26:
> 
>> 24: /*
>> 25:  * @test
>> 26:  * @bug 6960894 8194486 8139348
> 
> I don't know if there are any rules or best practices about this, but I usually don't put a bugid on a test if it isn't specifically testing what this bug is about.

OK, I'll remove it.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2701



More information about the security-dev mailing list