RFR 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine
weijun.wang at oracle.com
Tue May 26 03:32:42 UTC 2015
This is the latest webrev of this bug
No significant change from the previous one, mainly rebase.
There are some issues which need changes inside JSSE. I'd like to file
another bug for them.
1. JsseJce.java still uses core reflection to detect whether Kerberos
support is available. It cannot call ClientKeyExchangeService.find()
because there is a circular initialization problem between it and
2. CipherSuite.java still contains hard coded krb5-related KeyExchange
and CipherSuite values. These should be moved into plugin.
Finally, a lot of you speak out that RFC 2712 is dead and we needn't
support them. Thanks for the advice. However, this code change is mainly
a refactoring of existing codes because in jdk9 we will have to separate
TLS and Kerberos into different modules, and we cannot simply drop the
On 9/16/2014 9:31 AM, Wang Weijun wrote:
> Hi Xuelei
> Please review the latest code change at
> Compared with webrev.03, only the way the provider is loaded is changed, which is the static block on lines 50-71 of Krb5Helper.java.
More information about the security-dev