RFR: 8273670: Remove weak etypes from default krb5 etype list [v3]
Sean Mullan
mullan at openjdk.java.net
Tue Sep 28 14:11:34 UTC 2021
On Mon, 27 Sep 2021 01:28:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This code change removes weak etypes from the default list so it's safer to enable one of them. See the corresponding CSR at https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW, please review the CSR as well.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> disable weak checksums as well
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java line 57:
> 55: private static int[] defaultETypes;
> 56: // allow_weak_crypto in krb5.conf
> 57: public static boolean allowWeakCrypto;
Can you make this package-private instead? I think it is only accessed by `sun.security.krb5.internal.crypto.Cksum`.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5654
More information about the security-dev
mailing list