JDK-6851973 : ignore incoming channel binding if acceptor does not set one
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 1.4.2,1.4.2_22-rev,7
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,linux_redhat_5.0,windows_xp
  • CPU: generic,x86
  • Submitted: 2009-06-17
  • Updated: 2011-12-23
  • Resolved: 2009-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6 JDK 7
1.4.2_24-revFixed 6u17-revFixed 7 b64Fixed
Description
JSS/krb5 should ignore remote channel binding info when not requested at local side (RFC 4121 4.1.1.2: the acceptor MAY ignore...).

All major krb5 implementors implement this "MAY", and some applications depend on it as a workaround for not having a way to negotiate the use of channel binding -- the initiator application always uses CB and hopes the acceptor will ignore the CB if the acceptor doesn't support CB.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/37ed72fe7561
19-06-2009