-
Bug
-
Resolution: Fixed
-
P3
-
9
-
b68
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8084310 | emb-9 | Weijun Wang | P3 | Resolved | Fixed | team |
TLS has optional support for Kerberos cipher suites. The current implementation uses Class.forName to load the Kerberos classes and will support the extended cipher suites if the classes are present.
sun.security.ssl.JsseJce
->sun.security.krb5.PrincipalName
sun.security.ssl.KerberosClientKeyExchange
->sun.security.ssl.krb5.KerberosClientKeyExchangeImpl
sun.security.ssl.Krb5Helper
->sun.security.ssl.krb5.Krb5ProxyImpl
The current solution works well for Compact Profiles in JDK 8 but will be problematic in JDK 9 when we have modules. With modules then TLS will probably be in the base module and it is likely that Kerberos will be in its own module and will not export the module-private krb5 classes (see jake forest for current module graph).
This bug requests that the current implementation be re-examined and the reflection solution eliminated if possible. One approach to examine is using ServiceLoader so that the Kerberos module includes a service provider that TLS can use if present.
sun.security.ssl.JsseJce
->sun.security.krb5.PrincipalName
sun.security.ssl.KerberosClientKeyExchange
->sun.security.ssl.krb5.KerberosClientKeyExchangeImpl
sun.security.ssl.Krb5Helper
->sun.security.ssl.krb5.Krb5ProxyImpl
The current solution works well for Compact Profiles in JDK 8 but will be problematic in JDK 9 when we have modules. With modules then TLS will probably be in the base module and it is likely that Kerberos will be in its own module and will not export the module-private krb5 classes (see jake forest for current module graph).
This bug requests that the current implementation be re-examined and the reflection solution eliminated if possible. One approach to examine is using ServiceLoader so that the Kerberos module includes a service provider that TLS can use if present.
- backported by
-
JDK-8084310 TLS optional support for Kerberos cipher suites needs to be re-examined
-
- Resolved
-