RFR: 8139348: Deprecate 3DES and RC4 in Kerberos

Weijun Wang weijun at openjdk.java.net
Thu Feb 25 00:19:41 UTC 2021


On Wed, 24 Feb 2021 22:23:14 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>>> Is there a test that checks that the weak algorithms are actually disabled? I wasn't sure if I saw anything or maybe that is another test that you didn't have to modify?
>> 
>> Yes there's one and I'll update it. I can also add all weak etypes into `onlythree.conf` and they should be ignored.
>
> Updated tests. There is a `weakcrypto.conf` file which has been useless for a long time since `WeakCrypto.java` generates krb5.conf on the fly.

Please also review the release note at https://bugs.openjdk.java.net/browse/JDK-8262335.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2701


More information about the security-dev mailing list