Yes, please KRB5 cipher suite from the supported list.
For the public APIs part, please leave it as it is before we deprecate
the specification. Some other JSSE provider might still support KRB5
cipher suites.
Xuelei
On 6/7/2018 1:45 AM, Weijun Wang wrote:
And there are the Kerberos word in public APIs:
share/classes/javax/net/ssl/SSLContext.java
336: * Some cipher suites (such as Kerberos) require remote hostname
366: * Some cipher suites (such as Kerberos) require remote hostname
share/classes/javax/net/ssl/HttpsURLConnection.java
106: * such as Kerberos, will throw an SSLPeerUnverifiedException.
130: * such as Kerberos.
134: * KerberosPrincipal for Kerberos cipher suites.
158: * return null for non-certificate based ciphersuites, such as Kerberos.
162: * KerberosPrincipal for Kerberos cipher suites. If no principal was
share/classes/javax/net/ssl/SSLContextSpi.java
90: * Some cipher suites (such as Kerberos) require remote hostname
110: * Some cipher suites (such as Kerberos) require remote hostname
share/classes/javax/net/ssl/SSLEngine.java
395: * Some cipher suites (such as Kerberos) require remote hostname
397: * constructor to use Kerberos.
share/classes/javax/net/ssl/SSLSession.java
221: * such as Kerberos, will throw an SSLPeerUnverifiedException.
264: * such as Kerberos, will throw an SSLPeerUnverifiedException.
295: * KerberosPrincipal for Kerberos cipher suites.
313: * KerberosPrincipal for Kerberos cipher suites. If no principal was
share/classes/javax/net/ssl/HandshakeCompletedEvent.java
122: * such as Kerberos, will throw an SSLPeerUnverifiedException.
145: * such as Kerberos, will throw an SSLPeerUnverifiedException.
178: * KerberosPrincipal for Kerberos cipher suites.
208: * KerberosPrincipal for Kerberos cipher suites. If no principal was
--Max
On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc in
CipherSuite.java. Shall I also remove them.
Thanks
Max
