RFR: 8139348: Deprecate 3DES and RC4 in Kerberos
Weijun Wang
weijun at openjdk.java.net
Thu Feb 25 00:19:41 UTC 2021
On Wed, 24 Feb 2021 22:23:14 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
>>
>> Yes there's one and I'll update it. I can also add all weak etypes into `onlythree.conf` and they should be ignored.
>
> Updated tests. There is a `weakcrypto.conf` file which has been useless for a long time since `WeakCrypto.java` generates krb5.conf on the fly.
Please also review the release note at https://bugs.openjdk.java.net/browse/JDK-8262335.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2701
More information about the security-dev
mailing list