JDK-8012679 : Let allow_weak_crypto default to false
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2013-04-19
  • Updated: 2020-02-26
  • Resolved: 2013-05-08
  • JDK 7: 7u231 (Fixed)
  • JDK 8: 8 b91 (Fixed)
  • Other: openjdk7u (Fixed)
Sub Tasks
  • JDK-8014030
  • JDK-8227917
Description
Java supports the krb5.conf allow_weak_crypto setting. When it's true, weak etypes (i.e. DES-related ones) are enabled. The current default value is true. According to RFC 6649, it should be false now.
Comments
Release note: Scope: Java SE. Text: The DES-related Kerberos 5 encryption types are not supported by default. Users can enable them by adding allow_weak_crypto=true in krb5.conf, but DES-related etypes are considered highly insecure today and they should be avoided by all means.
11-12-2013
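
An added example, not part of the original report or of the JDK: a small audit of krb5.conf text that reports when allow_weak_crypto has been switched back on and which DES etypes the [libdefaults] etype lists name. The sample files are constructed, the DES etype names are an assumed list, and treating "true" or "yes" as enabled is an assumption about how the value is parsed.

```python
import re

# Assumed list of DES-related etype names, as they would appear in krb5.conf.
WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md5"}
ETYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

WEAK_SAMPLE = """[libdefaults]
allow_weak_crypto = true
default_tkt_enctypes = des-cbc-md5 aes256-cts-hmac-sha1-96
"""  # constructed sample: weak crypto re-enabled
HARDENED_SAMPLE = """[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""  # constructed sample: setting absent, so the new default (false) applies

def parse_libdefaults(text):
    """Return the key/value pairs found in the [libdefaults] section."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings for weak-crypto settings in krb5.conf text."""
    cfg = parse_libdefaults(text)
    findings = []
    # An absent setting counts as false, the default this change introduces.
    weak_allowed = cfg.get("allow_weak_crypto", "false").lower() in {"true", "yes"}
    if weak_allowed:
        findings.append("allow_weak_crypto is enabled: DES etypes are permitted")
    for key in ETYPE_KEYS:
        listed = re.split(r"[,\s]+", cfg.get(key, "").lower())
        weak = sorted(WEAK_ETYPES.intersection(listed))
        if weak:
            state = "enabled" if weak_allowed else "listed but not enabled"
            findings.append(f"{key} lists {', '.join(weak)} ({state})")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_SAMPLE), audit(HARDENED_SAMPLE))
```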

Provided test cases test/sun/security/krb5/auto/DupEtypes.java and test/sun/security/krb5/etype/WeakCrypto.java have passed from B92 to B95 in 1.8.
17-06-2013