From: Tom Yu <tlyu@mit.edu>
Date: Wed, 5 Nov 2014 19:10:35 +0000 (-0500)
Subject: Remove des3 and arcfour from supported_enctypes
X-Git-Tag: krb5-1.14-alpha1~206
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38a31852c3e58f6e2f6b3b035a87f817d1db5537;p=thirdparty%2Fkrb5.git

Remove des3 and arcfour from supported_enctypes

The des3 and arcfour (rc4) enctypes use weak string-to-key algorithms,
and should not be used for producing password-derived keys.

ticket: 7903
---

diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 6f28bc3d69..922d7960f1 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -101,8 +101,7 @@
 
 #define KRB5_DEFAULT_SUPPORTED_ENCTYPES                 \
     "aes256-cts-hmac-sha1-96:normal "                   \
-    "aes128-cts-hmac-sha1-96:normal "                   \
-    "des3-cbc-sha1:normal arcfour-hmac-md5:normal"
+    "aes128-cts-hmac-sha1-96:normal"
 
 #define MAX_DGRAM_SIZE  65536