[JDK-8262335] Release Note: Deprecate 3DES and RC4 in Kerberos - Java Bug System

XML

Word

Printable

Details

Type: Sub-task
Status: Closed
Priority: P3
Resolution: Delivered
Affects Version/s: 17
Fix Version/s: 17
Component/s: security-libs
Labels:
- RN-Deprecated
- release-note

Subcomponent:
org.ietf.jgss:krb5
Verification:
Verified

Description

The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings.

Attachments

Activity

People

Assignee:: Weijun Wang

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-02-24 16:15

Updated:: 2021-09-09 14:35

Resolved:: 2021-08-10 13:41