RFR: 8139348: Deprecate 3DES and RC4 in Kerberos

Weijun Wang weijun at openjdk.java.net
Wed Feb 24 22:25:52 UTC 2021


On Wed, 24 Feb 2021 21:43:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
>
>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
> 
> Yes there's one and I'll update it. I can also add all weak etypes into `onlythree.conf` and they should be ignored.

Updated tests. There is a `weakcrypto.conf` file which has been useless for a long time since `WeakCrypto.java` generates krb5.conf on the fly.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2701


More information about the security-dev mailing list