On Thu, 23 Sep 2021 14:32:01 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> This code change removes weak etypes from the default list so it's safer to
> enable one of them. See the corresponding CSR at
> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
> please review the CSR as well.

src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java line 85:

> 83:
> 84:         // By default, only AES etypes are enabled
> 85:         defaultETypes = Arrays.copyOf(result, num);

nit: why not just do:

```
defaultETypes = (maxKeyLength >= 256 ?
    new int[] {
        EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96,
        EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96,
        EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192,
        EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128,
    } :
    new int[] {
        EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96,
        EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128,
    });
```

-------------

PR: https://git.openjdk.java.net/jdk/pull/5654