< prev index next >

src/share/lib/security/java.security-windows

Print this page 
rev 12525 : 8157561: Ship the unlimited policy files in JDK Updates
Reviewed-by: wetmore, erikj


 721 # If this property is not defined or the value is empty, the underlying JSSE
 722 # provider's default group parameter is used for each connection.
 723 #
 724 # If the property value does not follow the grammar, or a particular group
 725 # parameter is not valid, the connection will fall back and use the
 726 # underlying JSSE provider's default group parameter.
 727 #
 728 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 729 # is not guaranteed to be examined and used by other implementations.
 730 #
 731 # Example:
 732 #   jdk.tls.server.defaultDHEParameters=
 733 #       { \
 734 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 735 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 736 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 737 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 738 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 739 #       FFFFFFFF FFFFFFFF, 2}
 740 

































































 741 #
 742 # The policy for the XML Signature secure validation mode. The mode is
 743 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 744 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 745 # or by running the code with a SecurityManager.
 746 #
 747 #   Policy:
 748 #       Constraint {"," Constraint }
 749 #   Constraint:
 750 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 751 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 752 #   AlgConstraint
 753 #       "disallowAlg" Uri
 754 #   MaxTransformsConstraint:
 755 #       "maxTransforms" Integer
 756 #   MaxReferencesConstraint:
 757 #       "maxReferences" Integer
 758 #   ReferenceUriSchemeConstraint:
 759 #       "disallowReferenceUriSchemes" String { String }
 760 #   KeySizeConstraint:




 721 # If this property is not defined or the value is empty, the underlying JSSE
 722 # provider's default group parameter is used for each connection.
 723 #
 724 # If the property value does not follow the grammar, or a particular group
 725 # parameter is not valid, the connection will fall back and use the
 726 # underlying JSSE provider's default group parameter.
 727 #
 728 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 729 # is not guaranteed to be examined and used by other implementations.
 730 #
 731 # Example:
 732 #   jdk.tls.server.defaultDHEParameters=
 733 #       { \
 734 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 735 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 736 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 737 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 738 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 739 #       FFFFFFFF FFFFFFFF, 2}
 740 
 741 # Cryptographic Jurisdiction Policy defaults
 742 #
 743 # Due to the import control restrictions of some countries, the default
 744 # JCE policy files allow for strong but "limited" cryptographic key
 745 # lengths to be used.  If your country's cryptographic regulations allow,
 746 # the "unlimited" strength policy files can be used instead, which contain
 747 # no restrictions on cryptographic strengths.
 748 #
 749 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
 750 # TO DETERMINE THE EXACT REQUIREMENTS.
 751 #
 752 # <java-home> (below) refers to the directory where the JRE was
 753 # installed. It is determined based on whether you are running JCE
 754 # on a JRE or a JRE contained within the Java Development Kit, or
 755 # JDK(TM). The JDK contains the JRE, but at a different level in the
 756 # file hierarchy. For example, if the JDK is installed in
 757 # /home/user1/jdk1.8.0 on Unix or in C:\jdk1.8.0 on Windows, then
 758 # <java-home> is:
 759 #
 760 #  /home/user1/jdk1.8.0/jre           [Unix]
 761 #  C:\jdk1.8.0\jre                    [Windows]
 762 #
 763 # If on the other hand the JRE is installed in /home/user1/jre1.8.0
 764 # on Unix or in C:\jre1.8.0 on Windows, and the JDK is not
 765 # installed, then <java-home> is:
 766 #
 767 #  /home/user1/jre1.8.0               [Unix]
 768 #  C:\jre1.8.0                        [Windows]
 769 #
 770 # On Windows, for each JDK installation, there may be additional
 771 # JREs installed under the "Program Files" directory. Please make
 772 # sure that you install the unlimited strength policy JAR files
 773 # for all JREs that you plan to use.
 774 #
 775 # The policy files are jar files organized into subdirectories of
 776 # <java-home>/lib/security/policy.  Each directory contains a complete
 777 # set of policy files.
 778 #
 779 # The "crypto.policy" Security property controls the directory selection,
 780 # and thus the effective cryptographic policy.
 781 #
 782 # The default set of directories is:
 783 #
 784 #     limited | unlimited
 785 #
 786 # however other directories can be created and configured.
 787 #
 788 # To support older JDK Update releases, the crypto.policy property
 789 # is not defined by default. When the property is not defined, an
 790 # update release binary aware of the new property will use the following
 791 # logic to decide what crypto policy files get used :
 792 #
 793 # * If the US_export_policy.jar and local_policy.jar files are located
 794 # in the (legacy) <java-home>/lib/security directory, then the rules
 795 # embedded in those jar files will be used. This helps preserve compatibility
 796 # for users upgrading from an older installation.
 797 #
 798 # * If crypto.policy is not defined and no such jar files are present in
 799 # the legacy locations, then the JDK will use the limited settings
 800 # (equivalent to crypto.policy=limited)
 801 #
 802 # Please see the JCA documentation for additional information on these
 803 # files and formats.
 804 #crypto.policy=unlimited
 805 
 806 #
 807 # The policy for the XML Signature secure validation mode. The mode is
 808 # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to
 809 # true with the javax.xml.crypto.XMLCryptoContext.setProperty() method,
 810 # or by running the code with a SecurityManager.
 811 #
 812 #   Policy:
 813 #       Constraint {"," Constraint }
 814 #   Constraint:
 815 #       AlgConstraint | MaxTransformsConstraint | MaxReferencesConstraint |
 816 #       ReferenceUriSchemeConstraint | KeySizeConstraint | OtherConstraint
 817 #   AlgConstraint
 818 #       "disallowAlg" Uri
 819 #   MaxTransformsConstraint:
 820 #       "maxTransforms" Integer
 821 #   MaxReferencesConstraint:
 822 #       "maxReferences" Integer
 823 #   ReferenceUriSchemeConstraint:
 824 #       "disallowReferenceUriSchemes" String { String }
 825 #   KeySizeConstraint:
< prev index next >