On Fri, 24 Sep 2021 21:55:44 GMT, Valerie Peng <valer...@openjdk.org> wrote:

>> This code change removes weak etypes from the default list so it's safer to
>> enable one of them. See the corresponding CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8274207 for more explanation. BTW,
>> please review the CSR as well.
>
> src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/EType.java
> line 85:
>
>> 83:
>> 84:         // By default, only AES etypes are enabled
>> 85:         defaultETypes = Arrays.copyOf(result, num);
>
> nit: why not just do:
> <pre>        defaultETypes = (maxKeyLength >= 256?
>             new int[] {
>                 EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96,
>                 EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96,
>                 EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192,
>                 EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128,
>             } : new int[] {
>                 EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96,
>                 EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128,
>             });
> </pre>

OK, I can code this way.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5654