< prev index next >

src/share/lib/security/java.security-linux

Print this page 
rev 12525 : 8157561: Ship the unlimited policy files in JDK Updates
Reviewed-by: wetmore, erikj


 718 # If this property is not defined or the value is empty, the underlying JSSE
 719 # provider's default group parameter is used for each connection.
 720 #
 721 # If the property value does not follow the grammar, or a particular group
 722 # parameter is not valid, the connection will fall back and use the
 723 # underlying JSSE provider's default group parameter.
 724 #
 725 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 726 # is not guaranteed to be examined and used by other implementations.
 727 #
 728 # Example:
 729 #   jdk.tls.server.defaultDHEParameters=
 730 #       { \
 731 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 732 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 733 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 734 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 735 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 736 #       FFFFFFFF FFFFFFFF, 2}
 737 

































































 738 #
 739 # The policy for the XML Signature secure validation mode. The mode is
 740 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 741 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 742 # or by running the code with a SecurityManager.
 743 #
 744 #   Policy:
 745 #       Constraint {"," Constraint }
 746 #   Constraint:
 747 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 748 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 749 #   AlgConstraint
 750 #       "disallowAlg" Uri
 751 #   MaxTransformsConstraint:
 752 #       "maxTransforms" Integer
 753 #   MaxReferencesConstraint:
 754 #       "maxReferences" Integer
 755 #   ReferenceUriSchemeConstraint:
 756 #       "disallowReferenceUriSchemes" String { String }
 757 #   KeySizeConstraint:




 718 # If this property is not defined or the value is empty, the underlying JSSE
 719 # provider's default group parameter is used for each connection.
 720 #
 721 # If the property value does not follow the grammar, or a particular group
 722 # parameter is not valid, the connection will fall back and use the
 723 # underlying JSSE provider's default group parameter.
 724 #
 725 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 726 # is not guaranteed to be examined and used by other implementations.
 727 #
 728 # Example:
 729 #   jdk.tls.server.defaultDHEParameters=
 730 #       { \
 731 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 732 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 733 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 734 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 735 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 736 #       FFFFFFFF FFFFFFFF, 2}
 737 
 738 # Cryptographic Jurisdiction Policy defaults
 739 #
 740 # Due to the import control restrictions of some countries, the default
 741 # JCE policy files allow for strong but "limited" cryptographic key
 742 # lengths to be used.  If your country's cryptographic regulations allow,
 743 # the "unlimited" strength policy files can be used instead, which contain
 744 # no restrictions on cryptographic strengths.
 745 #
 746 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
 747 # TO DETERMINE THE EXACT REQUIREMENTS.
 748 #
 749 # <java-home> (below) refers to the directory where the JRE was
 750 # installed. It is determined based on whether you are running JCE
 751 # on a JRE or a JRE contained within the Java Development Kit, or
 752 # JDK(TM). The JDK contains the JRE, but at a different level in the
 753 # file hierarchy. For example, if the JDK is installed in
 754 # /home/user1/jdk1.8.0 on Unix or in C:\jdk1.8.0 on Windows, then
 755 # <java-home> is:
 756 #
 757 #  /home/user1/jdk1.8.0/jre           [Unix]
 758 #  C:\jdk1.8.0\jre                    [Windows]
 759 #
 760 # If on the other hand the JRE is installed in /home/user1/jre1.8.0
 761 # on Unix or in C:\jre1.8.0 on Windows, and the JDK is not
 762 # installed, then <java-home> is:
 763 #
 764 #  /home/user1/jre1.8.0               [Unix]
 765 #  C:\jre1.8.0                        [Windows]
 766 #
 767 # On Windows, for each JDK installation, there may be additional
 768 # JREs installed under the "Program Files" directory. Please make
 769 # sure that you install the unlimited strength policy JAR files
 770 # for all JREs that you plan to use.
 771 #
 772 # The policy files are jar files organized into subdirectories of
 773 # <java-home>/lib/security/policy.  Each directory contains a complete
 774 # set of policy files.
 775 #
 776 # The "crypto.policy" Security property controls the directory selection,
 777 # and thus the effective cryptographic policy.
 778 #
 779 # The default set of directories is:
 780 #
 781 #     limited | unlimited
 782 #
 783 # however other directories can be created and configured.
 784 #
 785 # To support older JDK Update releases, the crypto.policy property
 786 # is not defined by default. When the property is not defined, an
 787 # update release binary aware of the new property will use the following
 788 # logic to decide what crypto policy files get used :
 789 #
 790 # * If the US_export_policy.jar and local_policy.jar files are located
 791 # in the (legacy) <java-home>/lib/security directory, then the rules
 792 # embedded in those jar files will be used. This helps preserve compatibility
 793 # for users upgrading from an older installation.
 794 #
 795 # * If crypto.policy is not defined and no such jar files are present in
 796 # the legacy locations, then the JDK will use the limited settings
 797 # (equivalent to crypto.policy=limited)
 798 #
 799 # Please see the JCA documentation for additional information on these
 800 # files and formats.
 801 #crypto.policy=unlimited
 802 
 803 #
 804 # The policy for the XML Signature secure validation mode. The mode is
 805 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 806 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 807 # or by running the code with a SecurityManager.
 808 #
 809 #   Policy:
 810 #       Constraint {"," Constraint }
 811 #   Constraint:
 812 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 813 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 814 #   AlgConstraint
 815 #       "disallowAlg" Uri
 816 #   MaxTransformsConstraint:
 817 #       "maxTransforms" Integer
 818 #   MaxReferencesConstraint:
 819 #       "maxReferences" Integer
 820 #   ReferenceUriSchemeConstraint:
 821 #       "disallowReferenceUriSchemes" String { String }
 822 #   KeySizeConstraint:
< prev index next >