RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Weijun Wang
weijun at openjdk.java.net
Wed Feb 24 22:25:52 UTC 2021
On Wed, 24 Feb 2021 21:43:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
>
>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
>
> Yes there's one and I'll update it. I can also add all weak etypes into `onlythree.conf` and they should be ignored.
Updated tests. There is a `weakcrypto.conf` file which has been useless for a long time since `WeakCrypto.java` generates krb5.conf on the fly.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2701
More information about the security-dev
mailing list