Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Jetty Spnego instruction ktpass - why only crypto RC4-HMAC-NT?
Roland,

Happy to take feedback on this and improve the documentation related to this.  When I originally worked that feature years ago that was the recommended crypto at the time.  If things have changed (which I would think the would have based on the churn in SSL lands) then it we would not be surprised at all.  If you get something else working then by all means either submit the feedback as a Github Issue, as a documentation pull request...or give us an update here and to me directly.

Thing is actually testing this sort of thing requires a setup that we don't typically have access to so we have to bank upon user feedback that live in such environs. :)

cheers,
Jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Wed, May 4, 2016 at 2:05 AM, Houtman, Roland <Roland.Houtman@xxxxxxxxxxxxxxx> wrote:
Dear Devs,
 
At a customer site, the client browser sends a negotiate header, but the server side fails with a checksum failed error. It seems to be related to the used cipher suite.
 
The online jetty documentation tells to use ‘ktpass’ with specifically RC4-HMAC-NT
 
Does Jetty only support RC4-HMAC-NT?
 
Is there anything on the browser/client side which can be done to enforce the particular RC4 cipher?
(I would expect spnego/kerberos does auto-selection)
 
 
this mailing-list seemed most suited for the question. If not, please advise.
 
Kind regards,
Roland
 

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-dev

Back to the top