RFR: 8262389: Use permitted_enctypes if default_tkt_enctypes or default_tgs_enctypes is not present

When default_tkt_enctypes or default_tgs_enctypes, use the value of permitted_enctypes if it exists. Please also review the CSR at https://bugs.openjdk.java.net/browse/JDK-8262391 and release note at https://bugs.openjdk.java.net/browse/JDK-8262401. - Commit messages: - 8262389:

Integrated: 8139348: Deprecate 3DES and RC4 in Kerberos

On Wed, 24 Feb 2021 01:38:07 GMT, Weijun Wang wrote: > Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add > "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the DES-based > etypes deprecated long ago). This pull request has now been integrated.

RE: [11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore

Hi Christoph, thanks for the review and the approval! Best regards, Martin From: Langer, Christoph Sent: Donnerstag, 18. Februar 2021 14:11 To: Doerr, Martin ; security-dev ; jdk-updates-...@openjdk.java.net Cc: Lindenmaier, Goetz Subject: RE: [11u] RFR: 8256421: Add 2 HARICA roots to

RE: [11u] RFR: 8244683: A TSA server used by tests

Hi Götz, thanks for the review! Best regards, Martin From: Lindenmaier, Goetz Sent: Montag, 8. Februar 2021 14:18 To: Doerr, Martin ; security-dev ; jdk-updates-...@openjdk.java.net Cc: Langer, Christoph Subject: RE: [11u] RFR: 8244683: A TSA server used by tests Hi Martin, Thanks for

[11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore

Hi, JDK-8256421 is backported to 11.0.11-oracle. I'd like to backport it for parity. It doesn't apply cleanly. I'm using the jdk16u backport. See "Fix Request (jdk16u)" comment. VerifyCACerts.java: I had to change the COUNT manually: -private static final int COUNT = 95; +private static

Re: RFR: 8253795: Implementation of JEP 391: macOS/AArch64 Port [v18]

On Wed, 17 Feb 2021 12:36:10 GMT, Anton Kozlov wrote: >> Please review the implementation of JEP 391: macOS/AArch64 Port. >> >> It's heavily based on existing ports to linux/aarch64, macos/x86_64, and >> windows/aarch64. >> >> Major changes are in: >> * src/hotspot/cpu/aarch64: support of

Re: RFR: 8139348: Deprecate 3DES and RC4 in Kerberos [v3]

> Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add > "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the DES-based > etypes deprecated long ago). Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

Re: RFR: 8139348: Deprecate 3DES and RC4 in Kerberos [v2]

On Thu, 25 Feb 2021 13:40:59 GMT, Sean Mullan wrote: >> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> test updates > > test/jdk/sun/security/krb5/auto/W83.java line 26: > >> 24: /* >> 25: * @test >> 26: * @bug 6932525

Re: RFR: 8139348: Deprecate 3DES and RC4 in Kerberos [v2]

On Wed, 24 Feb 2021 22:25:52 GMT, Weijun Wang wrote: >> Deprecate des3-hmac-sha1 (etype 16) and rc4-hmac (etype 23). User can add >> "allow_weak_crypto = true" in krb5.conf to re-enable them (plus the >> DES-based etypes deprecated long ago). > > Weijun Wang has updated the pull request

Re: RFR: JDK-8261969: SNIHostName should check if the encoded hostname conform to RFC 3490 [v3]

On Mon, 22 Feb 2021 22:38:19 GMT, John Jiang wrote: >> Changes requested by rhalade (Reviewer). > > I wouldn't merge the master to this branch :-( Could the latest patch be reviewed? - PR: https://git.openjdk.java.net/jdk/pull/2639

Re: RFR: 8261880: Change nested classes in java.base to static nested classes where possible [v2]

On Wed, 24 Feb 2021 08:50:36 GMT, Alan Bateman wrote: >> Сергей Цыпанов has updated the pull request incrementally with one >> additional commit since the last revision: >> >> 8261880: Remove static from declarations of Holder nested classes > >