Hi Xuelei A *primitive* version of webrev available at
http://cr.openjdk.java.net/~weijun/8038089/webrev.00 Please confirm this is the way you like it. ExternalCipherSuite is the service interface and Krb5CipherSuite implements it. It's a modification of the old Krb5Proxy but I've moved as many as Kerberos-related codes to the implementation side so it has less methods now. Most likely we will define this new interface in a public package. I didn't touch any core SSL classes except for ClientHandshaker and ServerHandShaker. If you think there are other places too closely connected with kerberos, please let me know. Ideally, those case K_KRB5: case K_KRB5_EXPORT: Krb5Helper.doXXX(...): should be something like default: getExternalHelper(keyExchange).doXXX(...) but I guess we won't do that unless we know there will be a second implementation. Thanks Max
