(tomcat) branch 9.0.x updated: Remove support for the KRB5 alias

Tue, 10 Feb 2026 08:44:30 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 6c96a440f2 Remove support for the KRB5 alias
6c96a440f2 is described below

commit 6c96a440f23c9219f76a91510fc8e6313677e884
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Feb 10 16:15:04 2026 +0000

    Remove support for the KRB5 alias
---
 .../openssl/ciphers/OpenSSLCipherConfigurationParser.java    |  6 ------
 .../ciphers/TestOpenSSLCipherConfigurationParser.java        | 12 ++++++------
 webapps/docs/changelog.xml                                   |  6 +++---
 3 files changed, 9 insertions(+), 15 deletions(-)

diff --git 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
index afe390743d..8add5928d2 100644
--- 
a/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
+++ 
b/java/org/apache/tomcat/util/net/openssl/ciphers/OpenSSLCipherConfigurationParser.java
@@ -323,10 +323,6 @@ public class OpenSSLCipherConfigurationParser {
      * Cipher suites using SHA384.
      */
     private static final String SHA384 = "SHA384";
-    /**
-     * Cipher suites using KRB5.
-     */
-    private static final String KRB5 = "KRB5";
     /**
      * Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication.
      */
@@ -549,8 +545,6 @@ public class OpenSSLCipherConfigurationParser {
         addListAlias(kRSAPSK, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.RSAPSK)));
         addListAlias(kECDHEPSK, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.ECDHEPSK)));
         addListAlias(kDHEPSK, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.DHEPSK)));
-        addListAlias(KRB5, filter(allCiphers, null, 
Collections.singleton(KeyExchange.KRB5),
-                Collections.singleton(Authentication.KRB5), null, null, null));
         addListAlias(aSRP, filterByAuthentication(allCiphers, 
Collections.singleton(Authentication.SRP)));
         addListAlias(kSRP, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.SRP)));
         addListAlias(SRP, filterByKeyExchange(allCiphers, 
Collections.singleton(KeyExchange.SRP)));
diff --git 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
index aee2878a20..c48bcb40d6 100644
--- 
a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ 
b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
@@ -416,12 +416,6 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
-    @Test
-    public void testKRB5() throws Exception {
-        testSpecification("KRB5");
-    }
-
-
     @Test
     public void testaGOST() throws Exception {
         testSpecification("aGOST");
@@ -599,6 +593,12 @@ public class TestOpenSSLCipherConfigurationParser {
     }
 
 
+    @Test
+    public void testSpecificationIsEmptyKRB5() throws Exception {
+        testSpecificationIsEmpty("KRB5");
+    }
+
+
     private void testSpecificationIsEmpty(String specification) throws 
Exception {
         String openSSLCipherList = 
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
         Assert.assertEquals("Specification [" + specification + "] returned [" 
+ openSSLCipherList +
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d31998e2a4..3f7f35ec70 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,9 +124,9 @@
       <fix>
         To maintain the documented alignment with the OpenSSL development
         branch, the use of the aliases <code>SSLv3</code>, <code>EXPORT</code>,
-        <code>EXPORT40</code> and <code>EXPORT56</code> are no longer supported
-        when setting the <code>ciphers</code> attribute of an
-        <code>SSLHostConfig</code> element. (markt)
+        <code>EXPORT40</code>, <code>EXPORT56</code> and <code>KRB5</code> are
+        no longer supported when setting the <code>ciphers</code> attribute of
+        an <code>SSLHostConfig</code> element. (markt)
       </fix>
       <fix>
         To maintain the documented alignment with the OpenSSL development


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to