RFR: 8273670: Remove weak etypes from default krb5 etype list
Weijun Wang
weijun at openjdk.java.net
Sat Sep 25 00:27:53 UTC 2021
On Fri, 24 Sep 2021 21:59:04 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> This code change removes weak etypes from the default list so it's safer to enable one of them. See the corresponding CSR at https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW, please review the CSR as well.
>
> src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java line 90:
>
>> 88: try {
>> 89: Config cfg = Config.getInstance();
>> 90: allowWeakCrypto = cfg.getBooleanObject("libdefaults", "allow_weak_crypto")
>
> nit: exceeds 80 chars?
A little. I've learnt to accept lines a little bit longer than 80.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5654
More information about the security-dev
mailing list