JDK-6851973 : ignore incoming channel binding if acceptor does not set one
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 1.4.2,1.4.2_22-rev,7
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,linux_redhat_5.0,windows_xp
  • CPU: generic,x86
  • Submitted: 2009-06-17
  • Updated: 2011-12-23
  • Resolved: 2009-07-17
The Version table provides details about the release in which this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

  • Other: 1.4.2_24-rev,OpenJDK6 (Fixed)
  • JDK 6: 6u17-rev (Fixed)
  • JDK 7: 7 b64 (Fixed)
  • Other: OpenJDK6 (Fixed)

JGSS/krb5 should ignore remote channel binding info when none is requested on the local side (RFC 4121: the acceptor MAY ignore...).

All major krb5 implementors implement this "MAY", and some applications depend on it as a workaround for not having a way to negotiate the use of channel binding -- the initiator application always uses CB and hopes the acceptor will ignore the CB if the acceptor doesn't support CB.
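
The acceptor-side decision described above, as an added example (not the JDK's own code). The class and method names are hypothetical, the sample bindings are constructed, and the acceptor's channel bindings are assumed to be already encoded as a byte array; the field layout is that of the RFC 4121 authenticator checksum (type 0x8003).

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Added illustration; names are hypothetical, not JDK internals.
public class ChannelBindingCheck {

    // RFC 4121 checksum field: bytes 0..3 Lgth (little-endian, value 16),
    // bytes 4..19 Bnd (MD5 hash of channel bindings), bytes 20..23 Flags.
    static byte[] remoteBnd(byte[] cksum) {
        if (cksum.length < 24) throw new IllegalArgumentException("checksum too short");
        int lgth = ByteBuffer.wrap(cksum).order(ByteOrder.LITTLE_ENDIAN).getInt(0);
        if (lgth != 16) throw new IllegalArgumentException("unexpected Lgth " + lgth);
        return Arrays.copyOfRange(cksum, 4, 20);
    }

    // localEncoded: the acceptor's encoded channel bindings (assumed pre-encoded),
    // or null when the acceptor application never set any.
    static boolean accept(byte[] cksum, byte[] localEncoded) throws Exception {
        byte[] remote = remoteBnd(cksum);       // the field's shape is validated either way
        if (localEncoded == null) return true;  // acceptor set none: ignore the incoming Bnd
        byte[] local = MessageDigest.getInstance("MD5").digest(localEncoded);
        return MessageDigest.isEqual(local, remote); // acceptor set one: it must match
    }

    // Constructed sample input: a checksum field wrapped around a given 16-byte Bnd.
    static byte[] sampleCksum(byte[] bnd) {
        return ByteBuffer.allocate(24).order(ByteOrder.LITTLE_ENDIAN)
                .putInt(16).put(bnd).putInt(0).array();
    }

    public static void main(String[] args) throws Exception {
        byte[] initiatorCb = "constructed-binding-A".getBytes(StandardCharsets.UTF_8);
        byte[] otherCb = "constructed-binding-B".getBytes(StandardCharsets.UTF_8);
        byte[] cksum = sampleCksum(MessageDigest.getInstance("MD5").digest(initiatorCb));
        System.out.println("acceptor set no binding : " + accept(cksum, null));
        System.out.println("acceptor binding matches: " + accept(cksum, initiatorCb));
        System.out.println("acceptor binding differs: " + accept(cksum, otherCb));
    }
}
```

With no local binding the initiator's value is never compared, so an acceptor that depends on channel binding has to set its own.
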

EVALUATION

http://hg.openjdk.java.net/jdk7/tl/jdk/rev/37ed72fe7561