JDK-8012679 : Let allow_weak_crypto default to false
  • Type: Enhancement
  • Status: Closed
  • Resolution: Fixed
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Priority: P4
  • Affected Version: 8
  • Submit Date: 2013-04-19
  • Updated Date: 2017-05-17
  • Resolved Date: 2013-05-08
The Version table provides details related to the release in which this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed: Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
  • JDK 7: 7-pool (Unresolved)
  • JDK 8: 8 b91 (Fixed)
Sub Tasks
JDK-8014030
Description
Java supports the krb5.conf allow_weak_crypto setting. When it's true, weak etypes (i.e. DES-related ones) are enabled. The current default value is true. According to RFC 6649, it should be false now.
Comments
release note: scope: Java SE text: The DES-related Kerberos 5 encryption types are not supported by default. Users can enable them by adding allow_weak_crypto=true in krb5.conf but DES-related etypes are considered highly insecure today and they should be avoided by all means.
2013-12-11

The provided test cases test/sun/security/krb5/auto/DupEtypes.java and test/sun/security/krb5/etype/WeakCrypto.java have passed from B92 to B95 in 1.8
2013-06-17
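
An added example, not code from the JDK or from this issue: a small krb5.conf audit showing what the default described above means for a given file, with `runtime_default` modelling the value a runtime assumes when allow_weak_crypto is absent. The etype name set, the boolean spellings, the simplified parser and the sample file are assumptions of the example.

```python
import re

# Single-DES etype names as written in krb5.conf; the exact set is this
# example's assumption of what "DES-related" covers.
WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ETYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_WORDS = {"true", "yes", "on", "1"}  # assumed boolean spellings

# Constructed sample configuration, not taken from the issue.
SAMPLE = """\
[libdefaults]
  default_realm = EXAMPLE.COM
  default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-md5
  permitted_enctypes = des-cbc-crc, des-cbc-md5
"""

def parse_libdefaults(conf_text):
    """Collect key/value pairs of [libdefaults]; simplified, a repeated key overwrites."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(conf_text, runtime_default=False):
    """Return (weak etypes allowed?, findings); runtime_default=False is the new default."""
    settings = parse_libdefaults(conf_text)
    explicit = settings.get("allow_weak_crypto")
    allowed = runtime_default if explicit is None else explicit.lower() in TRUE_WORDS
    findings = []
    if allowed:
        source = "explicitly" if explicit is not None else "by runtime default"
        findings.append(f"weak etypes enabled {source}")
    for key in ETYPE_KEYS:
        listed = [e for e in re.split(r"[,\s]+", settings.get(key, "").lower()) if e]
        weak = [e for e in listed if e in WEAK_ETYPES]
        if weak and allowed:
            findings.append(f"{key} offers {', '.join(weak)}")
        elif weak:
            only = " and lists nothing else" if len(weak) == len(listed) else ""
            findings.append(f"{key} names disabled {', '.join(weak)}{only}")
    return allowed, findings
```

Calling `audit(SAMPLE)` and `audit(SAMPLE, runtime_default=True)` on the same file shows which entries change meaning when only the default flips.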