JDK-8012679 : Let allow_weak_crypto default to false
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2013-04-19
  • Updated: 2020-02-26
  • Resolved: 2013-05-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 Other
7u231Fixed 8 b91Fixed openjdk7uFixed
Related Reports
Relates :  
Relates :  
Sub Tasks
JDK-8014030 :  
JDK-8227917 :  
Java supports the krb5.conf allow_weak_crypto setting. When it's true, weak etypes (i.e. DES-related ones) are enabled. The current default value is true. According to RFC 6649, it should be false now.
release note: scope: Java SE text: The DES-related Kerberos 5 encryption types are not supported by default. Users can enabled them by adding allow_weak_crypto=true in krb5.conf but DES-related etypes are considered highly insecure today and they should be avoided by all means.

provided test cased test/sun/security/krb5/auto/DupEtypes.java test/sun/security/krb5/etype/WeakCrypto.java have passed from B92 to B95 in 1.8