diff -u new/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java new/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java --- new/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java 2016-10-25 09:03:35.000000000 +0800 +++ new/src/java.security.jgss/share/classes/sun/security/krb5/KrbApReq.java 2016-10-25 15:18:35.000000000 +0800 @@ -307,7 +307,7 @@ hash = MessageDigest.getInstance(AuthTimeWithHash.realAlg(alg)) .digest(apReqMessg.authenticator.cipher); } catch (NoSuchAlgorithmException ex) { - throw new AssertionError("Impossible"); + throw new AssertionError("Impossible " + alg); } char[] h = new char[hash.length * 2]; diff -u new/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java new/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java --- new/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java 2016-10-25 09:03:38.000000000 +0800 +++ new/src/java.security.jgss/share/classes/sun/security/krb5/internal/rcache/AuthTimeWithHash.java 2016-10-25 15:18:39.000000000 +0800 @@ -37,18 +37,25 @@ implements Comparable { // The hash algorithm can be "HASH" or "SHA256". - public static String DEFAULT_HASH_ALG = GetPropertyAction - .privilegedGetProperty("jdk.krb5.rcache.hashalg", "HASH"); + public static final String DEFAULT_HASH_ALG; - public static String realAlg(String alg) { - if (alg.equals("HASH")) { - return "MD5"; - } else if (alg.equals("SHA")) { - return "SHA-1"; - } else if (alg.startsWith("SHA") && !alg.startsWith("SHA-")) { - return "SHA-" + alg.substring(3); + static { + if (GetPropertyAction.privilegedGetProperty( + "jdk.krb5.rcache.usemd5", "false").equals("true")) { + DEFAULT_HASH_ALG = "HASH"; } else { - return alg; + DEFAULT_HASH_ALG = "SHA256"; + } + } + + public static String realAlg(String alg) { + switch (alg) { + case "HASH": + return "MD5"; + case "SHA256": + return "SHA-256"; + default: + throw new AssertionError(alg + " is not HASH or SHA256"); } } diff -u new/test/sun/security/krb5/auto/ReplayCacheTestProc.java new/test/sun/security/krb5/auto/ReplayCacheTestProc.java --- new/test/sun/security/krb5/auto/ReplayCacheTestProc.java 2016-10-25 09:03:42.000000000 +0800 +++ new/test/sun/security/krb5/auto/ReplayCacheTestProc.java 2016-10-25 15:18:46.000000000 +0800 @@ -28,7 +28,7 @@ * @library ../../../../java/security/testlibrary/ /test/lib * @compile -XDignore.symbol.file ReplayCacheTestProc.java * @run main/othervm/timeout=300 ReplayCacheTestProc - * @run main/othervm/timeout=300 -Djdk.krb5.rcache.hashalg=SHA256 ReplayCacheTestProc + * @run main/othervm/timeout=300 -Djdk.krb5.rcache.usemd5=true ReplayCacheTestProc */ import java.io.*; @@ -321,6 +321,10 @@ if (type.equals("J")) { p.prop("sun.security.krb5.rcache", "dfl") .prop("java.io.tmpdir", cwd); + String useMD5 = System.getProperty("jdk.krb5.rcache.usemd5"); + if (useMD5 != null) { + p.prop("jdk.krb5.rcache.usemd5", useMD5); + } } else { p.env("KRB5_CONFIG", OneKDC.KRB5_CONF) .env("KRB5_KTNAME", OneKDC.KTAB)