Java supports the krb5.conf allow_weak_crypto setting. When it's true, weak etypes (i.e. DES-related ones) are enabled. The current default value is true. According to RFC 6649, it should be false now.
scope: Java SE
text: The DES-related Kerberos 5 encryption types are not supported by default. Users can enabled them by adding allow_weak_crypto=true in krb5.conf but DES-related etypes are considered highly insecure today and they should be avoided by all means.
provided test cased test/sun/security/krb5/auto/DupEtypes.java
have passed from B92 to B95 in 1.8
Date: 2013-05-21 18:20:30 +0000