--- old/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java 2016-10-25 09:03:35.000000000 +0800
+++ new/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java 2016-10-25 09:03:35.000000000 +0800
@@ -301,9 +301,10 @@
 if (!authenticator.ctime.inClockSkew())
 throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);
+ String alg = AuthTimeWithHash.DEFAULT_HASH_ALG;
 byte[] hash;
 try {
- hash = MessageDigest.getInstance("MD5")
+ hash = MessageDigest.getInstance(AuthTimeWithHash.realAlg(alg))
 .digest(apReqMessg.authenticator.cipher);
 } catch (NoSuchAlgorithmException ex) {
 throw new AssertionError("Impossible");
@@ -319,6 +320,7 @@
 apReqMessg.ticket.sname.toString(),
 authenticator.ctime.getSeconds(),
 authenticator.cusec,
+ alg,
 new String(h));
 rcache.checkAndStore(KerberosTime.now(), time);
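Review bot: The `catch (NoSuchAlgorithmException ex)` branch in the first hunk still throws `new AssertionError("Impossible")`, although the digest name is no longer the literal "MD5" but whatever `AuthTimeWithHash.realAlg(alg)` returns. If `DEFAULT_HASH_ALG` can be set through configuration, or the provider set lacks the resolved algorithm (neither is visible here), the failure becomes reachable and the error hides which name was requested. Keeping the cause and the name makes that diagnosable: `throw new AssertionError("No digest for " + alg, ex);`. The try/catch closes outside the hunk.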
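Review bot: The entry handed to `rcache.checkAndStore` in the second hunk now carries `alg` next to the hash, so an authenticator recorded under the previous MD5 hash and the same authenticator hashed with the new default would have different hash strings. Whether a replay across that switch is still detected depends on how AuthTimeWithHash compares entries, which is outside this hunk. The comparison should presumably fall back to the client, server, ctime and cusec fields when the algorithms differ, rather than read a hash mismatch as a distinct request. A comment at this call would record that intent, for example `// alg is stored so hashes from different algorithms are never compared directly`. The constructor call begins above the hunk.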