The fix for JDK-8149521 is not complete and it's just a workaround for Kerberos. SASL Digest MD5 operates on fully qualified host names. If the name from service locator is directly used, it also fails.