Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8273670

Remove weak etypes from default krb5 etype list

    XMLWordPrintable

    Details

      Description

      The default etype list in Kerberos 5 still contains weak etypes like DES, 3DES and RC4. Although the allow_weak_crypto setting is false by default which means these etypes will not be used out-of-box, it's safer to remove them from default etypes as well. This is especially true for customers who only wants to use some of the weak etypes but not all of them. For example, if a customer needs to use RC4 but not DES, they would have to add RC4 to the enctypes lists and set allow_weak_crypto to true at the same time. Without the proposed change, they may only set allow_weak_crypto to true and forget to remove DES from those enctypes lists.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              weijun Weijun Wang
              Reporter:
              weijun Weijun Wang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: