aes-sha2 in default etype list now?
Weijun Wang
weijun.wang at oracle.com
Wed Jun 21 11:11:20 EDT 2017
According to the source at
https://github.com/krb5/krb5/blob/master/src/lib/krb5/krb/init_ctx.c#L63:
static krb5_enctype default_enctype_list[] = {
ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_AES256_CTS_HMAC_SHA384_192, ENCTYPE_AES128_CTS_HMAC_SHA256_128,
ENCTYPE_DES3_CBC_SHA1,
ENCTYPE_ARCFOUR_HMAC,
ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC,
ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
0
};
But the doc at https://github.com/krb5/krb5/blob/master/doc/conf.py#L275
shows:
.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5
camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5
des-cbc-md4``
Are aes128-sha2 and aes256-sha2 default etypes?
Is doc behind src?
Thanks
Max
More information about the krbdev
mailing list