JDK-8200400 : Allow Sasl mechanisms to be restricted
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.security
  • Affected Version: 7,8,11,13
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-03-28
  • Updated: 2019-10-04
  • Resolved: 2019-05-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 7 JDK 8 Other
11.0.5Fixed 13 b21Fixed 7u251Fixed 8u241Fixed openjdk8u242Unresolved
Related Reports
Blocks :  
CSR :  
Relates :  
Sub Tasks
JDK-8200401 :  
JDK-8227564 :  
Description
Most mechanisms defined in https://docs.oracle.com/javase/10/security/java-sasl-api-programming-and-deployment-guide1.htm#JSSEC-GUID-2F50B103-FE9F-459F-9EC5-B708358A7B59 are considered weak today. There should be a way to restrict the use of them.
Comments
Fix Request (jdk8u) I'd like to request a jdk8u backport approval for this enhancement. Patch does not apply cleanly so a review has been requested: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-August/009945.html
05-08-2019

Fix Request (jdk11u) I'd like to request a jdk11u backport approval for this enhancement. Patch applies cleanly.
05-08-2019

Changing the name of the issue to be more reflective of what was actually done.
06-06-2019