Details
-
Sub-task
-
Resolution: Delivered
-
P3
-
7u361, 8u351, 11.0.17-oracle, 17
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8289088 | 11.0.17-oracle | Weijun Wang | P3 | Closed | Delivered | |
| JDK-8289090 | 8u351 | Weijun Wang | P3 | Closed | Delivered | |
| JDK-8289089 | 7u361 | Weijun Wang | P3 | Closed | Delivered |
Description
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) are now deprecated and disabled by default. Users can set `allow_weak_crypto = true` in the `krb5.conf` configuration file to re-enable them (along with other weak etypes including `des-cbc-crc` and `des-cbc-md5`) at their own risk. To disable a subset of the weak etypes, users can list preferred etypes explicitly in any of the `default_tkt_enctypes`, `default_tgs_enctypes`, or `permitted_enctypes` settings.
Attachments
Issue Links
- backported by
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-