JDK-8193850 : Release Note: Support for AES Encryption with HMAC-SHA2 for Kerberos 5 Defined in RFC 8009
- Type: Sub-task
- Component: security-libs
- Sub-Component: org.ietf.jgss:krb5
- Affected Version: 11
- Priority: P3
- Status: Closed
- Resolution: Delivered
- Submitted: 2017-12-20
- Updated: 2018-10-18
- Resolved: 2018-10-18
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 |
|---|
11Resolved  |
Description
The Kerberos 5 encryption types of `aes128-cts-hmac-sha256-128` and `aes256-cts-hmac-sha384-192` defined in RFC 8009 are supported. These encryption types are enabled by default. The default order of preference is "`aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 des-cbc-crc des-cbc-md5`." Users can use the `default_tkt_enctypes` and `default_tgs_enctypes` settings in the `krb5.conf` file to modify the list.