< prev index next >

src/share/lib/security/java.security-macosx

Print this page
rev 14231 : 8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
Reviewed-by: mullan, xuelei, weijun


 438 # (either a user or service).
 439 #
 440 # When a client issues an AS or a TGS request, the "canonicalize" option
 441 # is set to announce support of this feature. A KDC server may fulfill the
 442 # request or reply referring the client to a different one. If referred,
 443 # the client will issue a new request and the cycle repeats.
 444 #
 445 # In addition to referrals, the "canonicalize" option allows the KDC server
 446 # to change the client name in response to an AS request. For security reasons,
 447 # RFC 6806 (section 11) FAST scheme is enforced.
 448 #
 449 # Disable Kerberos cross-realm referrals. Value may be overwritten with a
 450 # System property (-Dsun.security.krb5.disableReferrals).
 451 sun.security.krb5.disableReferrals=false
 452 
 453 # Maximum number of AS or TGS referrals to avoid infinite loops. Value may
 454 # be overwritten with a System property (-Dsun.security.krb5.maxReferrals).
 455 sun.security.krb5.maxReferrals=5
 456 
 457 #
















 458 # Algorithm restrictions for certification path (CertPath) processing
 459 #
 460 # In some environments, certain algorithms or key lengths may be undesirable
 461 # for certification path building and validation.  For example, "MD2" is
 462 # generally no longer considered to be a secure hash algorithm.  This section
 463 # describes the mechanism for disabling algorithms based on algorithm name
 464 # and/or key length.  This includes algorithms used in certificates, as well
 465 # as revocation information such as CRLs and signed OCSP Responses.
 466 # The syntax of the disabled algorithm string is described as follows:
 467 #   DisabledAlgorithms:
 468 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 469 #
 470 #   DisabledAlgorithm:
 471 #       AlgorithmName [Constraint] { '&' Constraint }
 472 #
 473 #   AlgorithmName:
 474 #       (see below)
 475 #
 476 #   Constraint:
 477 #       KeySizeConstraint | CAConstraint | DenyAfterConstraint |
 478 #       UsageConstraint
 479 #
 480 #   KeySizeConstraint:
 481 #       keySize Operator KeyLength
 482 #
 483 #   Operator:
 484 #       <= | < | == | != | >= | >
 485 #
 486 #   KeyLength:
 487 #       Integer value of the algorithm's key length in bits
 488 #
 489 #   CAConstraint:
 490 #       jdkCA
 491 #
 492 #   DenyAfterConstraint:
 493 #       denyAfter YYYY-MM-DD
 494 #
 495 #   UsageConstraint:
 496 #       usage [TLSServer] [TLSClient] [SignedJAR]
 497 #



 498 # The "AlgorithmName" is the standard algorithm name of the disabled
 499 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 500 # Documentation" for information about Standard Algorithm Names.  Matching
 501 # is performed using a case-insensitive sub-element matching rule.  (For
 502 # example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
 503 # "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
 504 # sub-element of the certificate algorithm name, the algorithm will be
 505 # rejected during certification path building and validation.  For example,
 506 # the assertion algorithm name "DSA" will disable all certificate algorithms
 507 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 508 # will not disable algorithms related to "ECDSA".
 509 #








 510 # A "Constraint" defines restrictions on the keys and/or certificates for
 511 # a specified AlgorithmName:
 512 #
 513 #   KeySizeConstraint:
 514 #     keySize Operator KeyLength
 515 #       The constraint requires a key of a valid size range if the
 516 #       "AlgorithmName" is of a key algorithm.  The "KeyLength" indicates
 517 #       the key size specified in number of bits.  For example,
 518 #       "RSA keySize <= 1024" indicates that any RSA key with key size less
 519 #       than or equal to 1024 bits should be disabled, and
 520 #       "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
 521 #       with key size less than 1024 or greater than 2048 should be disabled.
 522 #       This constraint is only used on algorithms that have a key size.
 523 #
 524 #   CAConstraint:
 525 #     jdkCA
 526 #       This constraint prohibits the specified algorithm only if the
 527 #       algorithm is used in a certificate chain that terminates at a marked
 528 #       trust anchor in the lib/security/cacerts keystore.  If the jdkCA
 529 #       constraint is not set, then all chains using the specified algorithm


 562 # chain that terminate at a distribution provided trust anchor and contain
 563 # RSA keys that are less than or equal to 1024 bits, add the following
 564 # constraint:  "RSA keySize <= 1024 & jdkCA".
 565 #
 566 # All DisabledAlgorithms expressions are processed in the order defined in the
 567 # property.  This requires lower keysize constraints to be specified
 568 # before larger keysize constraints of the same algorithm.  For example:
 569 # "RSA keySize < 1024 & jdkCA, RSA keySize < 2048".
 570 #
 571 # Note: The algorithm restrictions do not apply to trust anchors or
 572 # self-signed certificates.
 573 #
 574 # Note: This property is currently used by Oracle's PKIX implementation. It
 575 # is not guaranteed to be examined and used by other implementations.
 576 #
 577 # Example:
 578 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 579 #
 580 #
 581 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
 582     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

 583 
 584 #
 585 # Algorithm restrictions for signed JAR files
 586 #
 587 # In some environments, certain algorithms or key lengths may be undesirable
 588 # for signed JAR validation.  For example, "MD2" is generally no longer
 589 # considered to be a secure hash algorithm.  This section describes the
 590 # mechanism for disabling algorithms based on algorithm name and/or key length.
 591 # JARs signed with any of the disabled algorithms or key sizes will be treated
 592 # as unsigned.
 593 #
 594 # The syntax of the disabled algorithm string is described as follows:
 595 #   DisabledAlgorithms:
 596 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 597 #
 598 #   DisabledAlgorithm:
 599 #       AlgorithmName [Constraint] { '&' Constraint }
 600 #
 601 #   AlgorithmName:
 602 #       (see below)


 605 #       KeySizeConstraint | DenyAfterConstraint
 606 #
 607 #   KeySizeConstraint:
 608 #       keySize Operator KeyLength
 609 #
 610 #   DenyAfterConstraint:
 611 #       denyAfter YYYY-MM-DD
 612 #
 613 #   Operator:
 614 #       <= | < | == | != | >= | >
 615 #
 616 #   KeyLength:
 617 #       Integer value of the algorithm's key length in bits
 618 #
 619 # Note: This property is currently used by the JDK Reference
 620 # implementation. It is not guaranteed to be examined and used by other
 621 # implementations.
 622 #
 623 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 624 #
 625 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

 626 
 627 #
 628 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 629 # (SSL/TLS) processing
 630 #
 631 # In some environments, certain algorithms or key lengths may be undesirable
 632 # when using SSL/TLS.  This section describes the mechanism for disabling
 633 # algorithms during SSL/TLS security parameters negotiation, including
 634 # protocol version negotiation, cipher suites selection, peer authentication
 635 # and key exchange mechanisms.
 636 #
 637 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
 638 # if they are enabled explicitly in an application.
 639 #
 640 # For PKI-based peer authentication and key exchange mechanisms, this list
 641 # of disabled algorithms will also be checked during certification path
 642 # building and validation, including algorithms used in certificates, as
 643 # well as revocation information such as CRLs and signed OCSP Responses.
 644 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
 645 #
 646 # See the specification of "jdk.certpath.disabledAlgorithms" for the
 647 # syntax of the disabled algorithm string.
 648 #
 649 # Note: The algorithm restrictions do not apply to trust anchors or
 650 # self-signed certificates.
 651 #
 652 # Note: This property is currently used by the JDK Reference implementation.
 653 # It is not guaranteed to be examined and used by other implementations.
 654 #
 655 # Example:
 656 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 657 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
 658     EC keySize < 224, 3DES_EDE_CBC, anon, NULL

 659 
 660 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 661 # processing in JSSE implementation.
 662 #
 663 # In some environments, a certain algorithm may be undesirable but it
 664 # cannot be disabled because of its use in legacy applications.  Legacy
 665 # algorithms may still be supported, but applications should not use them
 666 # as the security strength of legacy algorithms are usually not strong enough
 667 # in practice.
 668 #
 669 # During SSL/TLS security parameters negotiation, legacy algorithms will
 670 # not be negotiated unless there are no other candidates.
 671 #
 672 # The syntax of the legacy algorithms string is described as this Java
 673 # BNF-style:
 674 #   LegacyAlgorithms:
 675 #       " LegacyAlgorithm { , LegacyAlgorithm } "
 676 #
 677 #   LegacyAlgorithm:
 678 #       AlgorithmName (standard JSSE algorithm name)




 438 # (either a user or service).
 439 #
 440 # When a client issues an AS or a TGS request, the "canonicalize" option
 441 # is set to announce support of this feature. A KDC server may fulfill the
 442 # request or reply referring the client to a different one. If referred,
 443 # the client will issue a new request and the cycle repeats.
 444 #
 445 # In addition to referrals, the "canonicalize" option allows the KDC server
 446 # to change the client name in response to an AS request. For security reasons,
 447 # RFC 6806 (section 11) FAST scheme is enforced.
 448 #
 449 # Disable Kerberos cross-realm referrals. Value may be overwritten with a
 450 # System property (-Dsun.security.krb5.disableReferrals).
 451 sun.security.krb5.disableReferrals=false
 452 
 453 # Maximum number of AS or TGS referrals to avoid infinite loops. Value may
 454 # be overwritten with a System property (-Dsun.security.krb5.maxReferrals).
 455 sun.security.krb5.maxReferrals=5
 456 
 457 #
 458 # This property contains a list of disabled EC Named Curves that can be included
 459 # in the jdk.[tls|certpath|jar].disabledAlgorithms properties.  To include this
 460 # list in any of the disabledAlgorithms properties, add the property name as
 461 # an entry.
 462 jdk.disabled.namedCurves = secp112r1, secp112r2, secp128r1, secp128r2, \
 463     secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, \
 464     secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, \
 465     sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, \
 466     sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, \
 467     sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, \
 468     X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, \
 469     X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, \
 470     X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP256r1, \
 471     brainpoolP320r1, brainpoolP384r1, brainpoolP512r1
 472 
 473 #
 474 # Algorithm restrictions for certification path (CertPath) processing
 475 #
 476 # In some environments, certain algorithms or key lengths may be undesirable
 477 # for certification path building and validation.  For example, "MD2" is
 478 # generally no longer considered to be a secure hash algorithm.  This section
 479 # describes the mechanism for disabling algorithms based on algorithm name
 480 # and/or key length.  This includes algorithms used in certificates, as well
 481 # as revocation information such as CRLs and signed OCSP Responses.
 482 # The syntax of the disabled algorithm string is described as follows:
 483 #   DisabledAlgorithms:
 484 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 485 #
 486 #   DisabledAlgorithm:
 487 #       AlgorithmName [Constraint] { '&' Constraint } | IncludeProperty
 488 #
 489 #   AlgorithmName:
 490 #       (see below)
 491 #
 492 #   Constraint:
 493 #       KeySizeConstraint | CAConstraint | DenyAfterConstraint |
 494 #       UsageConstraint
 495 #
 496 #   KeySizeConstraint:
 497 #       keySize Operator KeyLength
 498 #
 499 #   Operator:
 500 #       <= | < | == | != | >= | >
 501 #
 502 #   KeyLength:
 503 #       Integer value of the algorithm's key length in bits
 504 #
 505 #   CAConstraint:
 506 #       jdkCA
 507 #
 508 #   DenyAfterConstraint:
 509 #       denyAfter YYYY-MM-DD
 510 #
 511 #   UsageConstraint:
 512 #       usage [TLSServer] [TLSClient] [SignedJAR]
 513 #
 514 #   IncludeProperty:
 515 #       include <security property>
 516 #
 517 # The "AlgorithmName" is the standard algorithm name of the disabled
 518 # algorithm. See "Java Cryptography Architecture Standard Algorithm Name
 519 # Documentation" for information about Standard Algorithm Names.  Matching
 520 # is performed using a case-insensitive sub-element matching rule.  (For
 521 # example, in "SHA1withECDSA" the sub-elements are "SHA1" for hashing and
 522 # "ECDSA" for signatures.)  If the assertion "AlgorithmName" is a
 523 # sub-element of the certificate algorithm name, the algorithm will be
 524 # rejected during certification path building and validation.  For example,
 525 # the assertion algorithm name "DSA" will disable all certificate algorithms
 526 # that rely on DSA, such as NONEwithDSA, SHA1withDSA.  However, the assertion
 527 # will not disable algorithms related to "ECDSA".
 528 #
 529 # The "IncludeProperty" allows a implementation-defined security property that
 530 # can be included in the disabledAlgorithms properties.  These properties are
 531 # to help manage common actions easier across multiple disabledAlgorithm
 532 # properties.
 533 # There is one defined security property:  jdk.disabled.NamedCurves
 534 # See the property for more specific details.
 535 #
 536 #
 537 # A "Constraint" defines restrictions on the keys and/or certificates for
 538 # a specified AlgorithmName:
 539 #
 540 #   KeySizeConstraint:
 541 #     keySize Operator KeyLength
 542 #       The constraint requires a key of a valid size range if the
 543 #       "AlgorithmName" is of a key algorithm.  The "KeyLength" indicates
 544 #       the key size specified in number of bits.  For example,
 545 #       "RSA keySize <= 1024" indicates that any RSA key with key size less
 546 #       than or equal to 1024 bits should be disabled, and
 547 #       "RSA keySize < 1024, RSA keySize > 2048" indicates that any RSA key
 548 #       with key size less than 1024 or greater than 2048 should be disabled.
 549 #       This constraint is only used on algorithms that have a key size.
 550 #
 551 #   CAConstraint:
 552 #     jdkCA
 553 #       This constraint prohibits the specified algorithm only if the
 554 #       algorithm is used in a certificate chain that terminates at a marked
 555 #       trust anchor in the lib/security/cacerts keystore.  If the jdkCA
 556 #       constraint is not set, then all chains using the specified algorithm


 589 # chain that terminate at a distribution provided trust anchor and contain
 590 # RSA keys that are less than or equal to 1024 bits, add the following
 591 # constraint:  "RSA keySize <= 1024 & jdkCA".
 592 #
 593 # All DisabledAlgorithms expressions are processed in the order defined in the
 594 # property.  This requires lower keysize constraints to be specified
 595 # before larger keysize constraints of the same algorithm.  For example:
 596 # "RSA keySize < 1024 & jdkCA, RSA keySize < 2048".
 597 #
 598 # Note: The algorithm restrictions do not apply to trust anchors or
 599 # self-signed certificates.
 600 #
 601 # Note: This property is currently used by Oracle's PKIX implementation. It
 602 # is not guaranteed to be examined and used by other implementations.
 603 #
 604 # Example:
 605 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
 606 #
 607 #
 608 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
 609     RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
 610     include jdk.disabled.namedCurves
 611 
 612 #
 613 # Algorithm restrictions for signed JAR files
 614 #
 615 # In some environments, certain algorithms or key lengths may be undesirable
 616 # for signed JAR validation.  For example, "MD2" is generally no longer
 617 # considered to be a secure hash algorithm.  This section describes the
 618 # mechanism for disabling algorithms based on algorithm name and/or key length.
 619 # JARs signed with any of the disabled algorithms or key sizes will be treated
 620 # as unsigned.
 621 #
 622 # The syntax of the disabled algorithm string is described as follows:
 623 #   DisabledAlgorithms:
 624 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 625 #
 626 #   DisabledAlgorithm:
 627 #       AlgorithmName [Constraint] { '&' Constraint }
 628 #
 629 #   AlgorithmName:
 630 #       (see below)


 633 #       KeySizeConstraint | DenyAfterConstraint
 634 #
 635 #   KeySizeConstraint:
 636 #       keySize Operator KeyLength
 637 #
 638 #   DenyAfterConstraint:
 639 #       denyAfter YYYY-MM-DD
 640 #
 641 #   Operator:
 642 #       <= | < | == | != | >= | >
 643 #
 644 #   KeyLength:
 645 #       Integer value of the algorithm's key length in bits
 646 #
 647 # Note: This property is currently used by the JDK Reference
 648 # implementation. It is not guaranteed to be examined and used by other
 649 # implementations.
 650 #
 651 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 652 #
 653 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
 654       DSA keySize < 1024, include jdk.disabled.namedCurves
 655 
 656 #
 657 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 658 # (SSL/TLS) processing
 659 #
 660 # In some environments, certain algorithms or key lengths may be undesirable
 661 # when using SSL/TLS.  This section describes the mechanism for disabling
 662 # algorithms during SSL/TLS security parameters negotiation, including
 663 # protocol version negotiation, cipher suites selection, peer authentication
 664 # and key exchange mechanisms.
 665 #
 666 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
 667 # if they are enabled explicitly in an application.
 668 #
 669 # For PKI-based peer authentication and key exchange mechanisms, this list
 670 # of disabled algorithms will also be checked during certification path
 671 # building and validation, including algorithms used in certificates, as
 672 # well as revocation information such as CRLs and signed OCSP Responses.
 673 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
 674 #
 675 # See the specification of "jdk.certpath.disabledAlgorithms" for the
 676 # syntax of the disabled algorithm string.
 677 #
 678 # Note: The algorithm restrictions do not apply to trust anchors or
 679 # self-signed certificates.
 680 #
 681 # Note: This property is currently used by the JDK Reference implementation.
 682 # It is not guaranteed to be examined and used by other implementations.
 683 #
 684 # Example:
 685 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 686 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
 687     EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
 688     include jdk.disabled.namedCurves
 689 
 690 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 691 # processing in JSSE implementation.
 692 #
 693 # In some environments, a certain algorithm may be undesirable but it
 694 # cannot be disabled because of its use in legacy applications.  Legacy
 695 # algorithms may still be supported, but applications should not use them
 696 # as the security strength of legacy algorithms are usually not strong enough
 697 # in practice.
 698 #
 699 # During SSL/TLS security parameters negotiation, legacy algorithms will
 700 # not be negotiated unless there are no other candidates.
 701 #
 702 # The syntax of the legacy algorithms string is described as this Java
 703 # BNF-style:
 704 #   LegacyAlgorithms:
 705 #       " LegacyAlgorithm { , LegacyAlgorithm } "
 706 #
 707 #   LegacyAlgorithm:
 708 #       AlgorithmName (standard JSSE algorithm name)


< prev index next >