Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8139348 Deprecate 3DES and RC4 in Kerberos
  3. JDK-8262335

Release Note: Deprecate 3DES and RC4 in Kerberos

    XMLWordPrintable

    Details

      Description

      The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set "allow_weak_crypto = true" in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.

        Attachments

          Activity

            People

            Assignee:
            weijun Weijun Wang
            Reporter:
            weijun Weijun Wang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: