[JDK-8262335] Release Note: Deprecate 3DES and RC4 in Kerberos - Java Bug System

Type: Sub-task
Resolution: Delivered
Priority: P3
Fix Version/s: 17
Affects Version/s: 7u361, 8u351, 11.0.17-oracle, 17
Component/s: security-libs
Labels:
- RN-Deprecated
- release-note

Subcomponent:
org.ietf.jgss:krb5
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution
JDK-8289088	11.0.17-oracle	Weijun Wang	P3	Closed	Delivered
JDK-8289090	8u351	Weijun Wang	P3	Closed	Delivered
JDK-8289089	7u361	Weijun Wang	P3	Closed	Delivered

The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings.

backported by

JDK-8289088 Release Note: Deprecate 3DES and RC4 in Kerberos

Closed

JDK-8289089 Release Note: Deprecate 3DES and RC4 in Kerberos

Closed

JDK-8289090 Release Note: Deprecate 3DES and RC4 in Kerberos

Closed

Assignee:: Weijun Wang

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021-02-24 16:15

Updated:: 2022-06-23 13:17

Resolved:: 2021-08-10 13:41

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates