RFR: 8273670: Remove weak etypes from default krb5 etype list
Valerie Peng
valeriep at openjdk.java.net
Fri Sep 24 23:57:53 UTC 2021
On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> This code change removes weak etypes from the default list so it's safer to enable one of them. See the corresponding CSR at https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW, please review the CSR as well.
I've reviewed the CSR and made some edit changes. Thanks.
test/jdk/sun/security/krb5/etype/WeakCrypto.java line 54:
> 52: 18, 17, 20, 19); // the defaults
> 53:
> 54: test(null, "aes256-cts aes128-cts aes256-sha2 aes128-sha2 des3-hmac-sha1 arcfour-hmac des-cbc-crc des-cbc-md5",
nit: save this into a local String variable, e.g. strongAndWeak or allETypes, and reuse this.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5654
More information about the security-dev
mailing list