< prev index next >

src/share/lib/security/java.security-solaris

Print this page 
rev 12525 : 8157561: Ship the unlimited policy files in JDK Updates
Reviewed-by: wetmore, erikj


 720 # If this property is not defined or the value is empty, the underlying JSSE
 721 # provider's default group parameter is used for each connection.
 722 #
 723 # If the property value does not follow the grammar, or a particular group
 724 # parameter is not valid, the connection will fall back and use the
 725 # underlying JSSE provider's default group parameter.
 726 #
 727 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 728 # is not guaranteed to be examined and used by other implementations.
 729 #
 730 # Example:
 731 #   jdk.tls.server.defaultDHEParameters=
 732 #       { \
 733 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 734 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 735 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 736 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 737 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 738 #       FFFFFFFF FFFFFFFF, 2}
 739 

































































 740 #
 741 # The policy for the XML Signature secure validation mode. The mode is
 742 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 743 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 744 # or by running the code with a SecurityManager.
 745 #
 746 #   Policy:
 747 #       Constraint {"," Constraint }
 748 #   Constraint:
 749 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 750 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 751 #   AlgConstraint
 752 #       "disallowAlg" Uri
 753 #   MaxTransformsConstraint:
 754 #       "maxTransforms" Integer
 755 #   MaxReferencesConstraint:
 756 #       "maxReferences" Integer
 757 #   ReferenceUriSchemeConstraint:
 758 #       "disallowReferenceUriSchemes" String { String }
 759 #   KeySizeConstraint:




 720 # If this property is not defined or the value is empty, the underlying JSSE
 721 # provider's default group parameter is used for each connection.
 722 #
 723 # If the property value does not follow the grammar, or a particular group
 724 # parameter is not valid, the connection will fall back and use the
 725 # underlying JSSE provider's default group parameter.
 726 #
 727 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 728 # is not guaranteed to be examined and used by other implementations.
 729 #
 730 # Example:
 731 #   jdk.tls.server.defaultDHEParameters=
 732 #       { \
 733 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 734 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 735 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 736 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 737 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 738 #       FFFFFFFF FFFFFFFF, 2}
 739 
 740 # Cryptographic Jurisdiction Policy defaults
 741 #
 742 # Due to the import control restrictions of some countries, the default
 743 # JCE policy files allow for strong but "limited" cryptographic key
 744 # lengths to be used.  If your country's cryptographic regulations allow,
 745 # the "unlimited" strength policy files can be used instead, which contain
 746 # no restrictions on cryptographic strengths.
 747 #
 748 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
 749 # TO DETERMINE THE EXACT REQUIREMENTS.
 750 #
 751 # <java-home> (below) refers to the directory where the JRE was
 752 # installed. It is determined based on whether you are running JCE
 753 # on a JRE or a JRE contained within the Java Development Kit, or
 754 # JDK(TM). The JDK contains the JRE, but at a different level in the
 755 # file hierarchy. For example, if the JDK is installed in
 756 # /home/user1/jdk1.8.0 on Unix or in C:\jdk1.8.0 on Windows, then
 757 # <java-home> is:
 758 #
 759 #  /home/user1/jdk1.8.0/jre           [Unix]
 760 #  C:\jdk1.8.0\jre                    [Windows]
 761 #
 762 # If on the other hand the JRE is installed in /home/user1/jre1.8.0
 763 # on Unix or in C:\jre1.8.0 on Windows, and the JDK is not
 764 # installed, then <java-home> is:
 765 #
 766 #  /home/user1/jre1.8.0               [Unix]
 767 #  C:\jre1.8.0                        [Windows]
 768 #
 769 # On Windows, for each JDK installation, there may be additional
 770 # JREs installed under the "Program Files" directory. Please make
 771 # sure that you install the unlimited strength policy JAR files
 772 # for all JREs that you plan to use.
 773 #
 774 # The policy files are jar files organized into subdirectories of
 775 # <java-home>/lib/security/policy.  Each directory contains a complete
 776 # set of policy files.
 777 #
 778 # The "crypto.policy" Security property controls the directory selection,
 779 # and thus the effective cryptographic policy.
 780 #
 781 # The default set of directories is:
 782 #
 783 #     limited | unlimited
 784 #
 785 # however other directories can be created and configured.
 786 #
 787 # To support older JDK Update releases, the crypto.policy property
 788 # is not defined by default. When the property is not defined, an
 789 # update release binary aware of the new property will use the following
 790 # logic to decide what crypto policy files get used :
 791 #
 792 # * If the US_export_policy.jar and local_policy.jar files are located
 793 # in the (legacy) <java-home>/lib/security directory, then the rules
 794 # embedded in those jar files will be used. This helps preserve compatibility
 795 # for users upgrading from an older installation.
 796 #
 797 # * If crypto.policy is not defined and no such jar files are present in
 798 # the legacy locations, then the JDK will use the limited settings
 799 # (equivalent to crypto.policy=limited)
 800 #
 801 # Please see the JCA documentation for additional information on these
 802 # files and formats.
 803 #crypto.policy=unlimited
 804 
 805 #
 806 # The policy for the XML Signature secure validation mode. The mode is
 807 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 808 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 809 # or by running the code with a SecurityManager.
 810 #
 811 #   Policy:
 812 #       Constraint {"," Constraint }
 813 #   Constraint:
 814 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 815 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 816 #   AlgConstraint
 817 #       "disallowAlg" Uri
 818 #   MaxTransformsConstraint:
 819 #       "maxTransforms" Integer
 820 #   MaxReferencesConstraint:
 821 #       "maxReferences" Integer
 822 #   ReferenceUriSchemeConstraint:
 823 #       "disallowReferenceUriSchemes" String { String }
 824 #   KeySizeConstraint:
< prev index next >