[JDK-8262335] Release Note: Deprecate 3DES and RC4 in Kerberos - Java Bug System

XML

Word

Printable

Details

Type: Sub-task
Status: Closed
Priority: P3
Resolution: Delivered
Affects Version/s: 17
Fix Version/s: 17
Component/s: security-libs
Labels:
- RN-Deprecated
- release-note

Subcomponent:
org.ietf.jgss:krb5

Description

The des3-hmac-sha1 and rc4-hmac Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set "allow_weak_crypto = true" in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including des-cbc-crc and des-cbc-md5) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of default_tkt_enctypes, default_tgs_enctypes, or permitted_enctypes settings.

Attachments

Activity

People

Assignee:: Weijun Wang

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021-02-24 16:15

Updated:: 2021-02-26 05:29

Resolved:: 2021-02-25 14:29