src/share/lib/security/java.security-linux

rev 1547 : 8155973: Tighten jar checks
Reviewed-by: mullan, igerasim, ahgross
rev 1574 : 8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
Reviewed-by: ascarpino, mullan
rev 1591 : 8166381: Back out changes to the java.security file to not disable MD5
Reviewed-by: weijun, coffeys

*** 565,569 ****
--- 565,606 ----
  #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
  #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
  #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
  #       FFFFFFFF FFFFFFFF, 2}
  
+ # Algorithm restrictions for signed JAR files
+ #
+ # In some environments, certain algorithms or key lengths may be undesirable
+ # for signed JAR validation.  For example, "MD2" is generally no longer
+ # considered to be a secure hash algorithm.  This section describes the
+ # mechanism for disabling algorithms based on algorithm name and/or key length.
+ # JARs signed with any of the disabled algorithms or key sizes will be treated
+ # as unsigned.
+ #
+ # The syntax of the disabled algorithm string is described as follows:
+ #   DisabledAlgorithms:
+ #       " DisabledAlgorithm { , DisabledAlgorithm } "
+ #
+ #   DisabledAlgorithm:
+ #       AlgorithmName [Constraint]
+ #
+ #   AlgorithmName:
+ #       (see below)
+ #
+ #   Constraint:
+ #       KeySizeConstraint
+ #
+ #   KeySizeConstraint:
+ #       keySize Operator KeyLength
+ #
+ #   Operator:
+ #       <= | < | == | != | >= | >
+ #
+ #   KeyLength:
+ #       Integer value of the algorithm's key length in bits
+ #
+ # Note: This property is currently used by the JDK Reference
+ # implementation. It is not guaranteed to be examined and used by other
+ # implementations.
+ #
+ jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
+