RFR: 8273670: Remove weak etypes from default krb5 etype list [v3]
Sean Mullan
mullan at openjdk.java.net
Tue Sep 28 14:56:33 UTC 2021
On Mon, 27 Sep 2021 01:28:29 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This code change removes weak etypes from the default list so it's safer to enable one of them. See the corresponding CSR at https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW, please review the CSR as well.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> disable weak checksums as well
src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/CksumType.java line 111:
> 109: }
> 110: if (cksumType == null) {
> 111: throw new KdcErrException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
Could we add the checksum type that is disabled/not supported to this exception message?
-------------
PR: https://git.openjdk.java.net/jdk/pull/5654
More information about the security-dev
mailing list