JDK-6851973 : ignore incoming channel binding if acceptor does not set one
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 1.4.2,1.4.2_22-rev,7
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,linux_redhat_5.0,windows_xp
  • CPU: generic,x86
  • Submitted: 2009-06-17
  • Updated: 2011-12-23
  • Resolved: 2009-07-17
Versions:
  • Other: 1.4.2_24-rev,OpenJDK6 (Fixed)
  • Other: 1.4.2_25 (Fixed)
  • Other: 5.0u23 (Fixed)
  • JDK 6: 6u17-rev (Fixed)
  • JDK 7: 7 b64 (Fixed)
  • Other: OpenJDK6 (Fixed)
Description
JGSS/krb5 should ignore remote channel binding info when not requested at local side (RFC 4121 4.1.1.2: the acceptor MAY ignore...).

All major krb5 implementors implement this "MAY", and some applications depend on it as a workaround for not having a way to negotiate the use of channel binding -- the initiator application always uses CB and hopes the acceptor will ignore the CB if the acceptor doesn't support CB.
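
The acceptor-side decision described above, as an added Java example that is not part of the bug report or the JDK change: it computes the RFC 4121 4.1.1.2 Bnd field for bindings that carry application data only, then compares a strict acceptor with one that applies the "MAY ignore" rule. The class and method names, the `lenient` switch and the sample binding bytes are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class BndCheckDemo {
    static final int GSS_C_AF_NULLADDR = 255; // RFC 2744 address type for "no address"

    // Bnd field per RFC 4121 4.1.1.2, narrowed to bindings with application data only:
    // MD5 (mandated by the RFC) over little-endian type/length pairs, then the data.
    static byte[] bnd(byte[] appData) throws NoSuchAlgorithmException {
        if (appData == null) {
            return new byte[16]; // no bindings supplied: 16 zero octets
        }
        ByteBuffer b = ByteBuffer.allocate(20 + appData.length).order(ByteOrder.LITTLE_ENDIAN);
        b.putInt(GSS_C_AF_NULLADDR).putInt(0); // initiator address: type, length 0
        b.putInt(GSS_C_AF_NULLADDR).putInt(0); // acceptor address: type, length 0
        b.putInt(appData.length).put(appData); // application data: length, bytes
        return MessageDigest.getInstance("MD5").digest(b.array());
    }

    // Hypothetical acceptor check. lenient=true models the "MAY ignore" behaviour:
    // an acceptor that set no binding skips the comparison entirely.
    static boolean accept(byte[] remoteBnd, byte[] localAppData, boolean lenient)
            throws NoSuchAlgorithmException {
        if (localAppData == null && lenient) {
            return true;
        }
        return MessageDigest.isEqual(remoteBnd, bnd(localAppData));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample binding data, not taken from any real channel.
        byte[] cb = "constructed-channel-id-A".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-channel-id-B".getBytes(StandardCharsets.UTF_8);

        System.out.println("initiator CB, acceptor unset, strict : " + accept(bnd(cb), null, false));
        System.out.println("initiator CB, acceptor unset, lenient: " + accept(bnd(cb), null, true));
        System.out.println("both set, same binding               : " + accept(bnd(cb), cb, true));
        System.out.println("both set, different binding          : " + accept(bnd(other), cb, true));
        System.out.println("initiator unset, acceptor set        : " + accept(bnd(null), cb, true));
    }
}
```

In the lenient case the acceptor performs no binding check at all, so an acceptor that relies on channel binding has to set its own binding data for the comparison to take place.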

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/37ed72fe7561
19-06-2009