JDK-8012679 : Let allow_weak_crypto default to false

Details
Type: Enhancement
Submit Date: 2013-04-19
Status: Closed
Updated Date: 2013-12-27
Project Name: JDK
Resolved Date: 2013-05-08
Component: security-libs
OS:
Sub-Component: org.ietf.jgss:krb5
CPU:
Priority: P4
Resolution: Fixed
Affected Versions: 8
Fixed Versions:

Related Reports
Relates:
Relates:

Sub Tasks
JDK-8014030:

Description
Java supports the krb5.conf allow_weak_crypto setting. When it's true, DES-related etypes are disabled. The current default value is true. According to RFC 6649, it should be false now.
                                    

Comments
release note:

scope: Java SE
text: The DES-related Kerberos 5 encryption types are not supported by default. Users can enable them by adding allow_weak_crypto=true in krb5.conf, but DES-related etypes are considered highly insecure today and they should be avoided by all means.
                                     
2013-12-11
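
An added example, not code from the JDK or from this report: a Python audit of krb5.conf text for the setting the release note describes, reporting whether allow_weak_crypto is turned on and which single-DES etypes are listed in the enctype settings. The function names, the sample files and the spellings accepted as "true" are assumptions made for the example.

```python
import re

# Single-DES etypes deprecated by RFC 6649.
DES_ETYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ETYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_VALUES = {"true", "yes"}  # assumption: spellings treated as "true" here

def parse_libdefaults(text):
    """Return key -> value for the [libdefaults] section of krb5.conf text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (weak_allowed, findings) for one krb5.conf."""
    conf = parse_libdefaults(text)
    # An absent setting counts as false, the default this change introduces.
    weak_allowed = conf.get("allow_weak_crypto", "false").lower() in TRUE_VALUES
    findings = []
    if weak_allowed:
        findings.append("allow_weak_crypto is true: DES etypes are enabled")
    for key in ETYPE_KEYS:
        listed = set(re.split(r"[,\s]+", conf.get(key, "").lower())) & DES_ETYPES
        if listed:
            state = "usable" if weak_allowed else "listed but disabled"
            findings.append(f"{key}: {', '.join(sorted(listed))} ({state})")
    return weak_allowed, findings

# Constructed sample files, not taken from the bug report.
WEAK = """[libdefaults]
  allow_weak_crypto = true
  default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-md5 des-cbc-crc
"""
HARDENED = """[libdefaults]
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

A file that lists DES etypes without setting allow_weak_crypto is reported as "listed but disabled", which points at clients or services that may have depended on the old default.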
Provided test cases test/sun/security/krb5/auto/DupEtypes.java and test/sun/security/krb5/etype/WeakCrypto.java have passed from B92 to B95 in 1.8.
                                     
2013-06-17
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/7d89b0dd973c
User:  lana
Date:  2013-05-21 18:20:30 +0000

                                     
2013-05-21
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/7d89b0dd973c
User:  weijun
Date:  2013-05-08 00:26:27 +0000

                                     
2013-05-08


