510 # If this property is not defined or the value is empty, the underlying JSSE
511 # provider's default group parameter is used for each connection.
512 #
513 # If the property value does not follow the grammar, or a particular group
514 # parameter is not valid, the connection will fall back and use the
515 # underlying JSSE provider's default group parameter.
516 #
517 # Note: This property is currently used by OpenJDK's JSSE implementation. It
518 # is not guaranteed to be examined and used by other implementations.
519 #
520 # Example:
521 # jdk.tls.server.defaultDHEParameters=
522 # { \
523 # FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
524 # 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
525 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
526 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
527 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
528 # FFFFFFFF FFFFFFFF, 2}
529
530 #
531 # Serial number of the OCSP responder's certificate
532 #
533 # By default, the certificate of the OCSP responder is that of the issuer
534 # of the certificate being validated. This property identifies the certificate
535 # of the OCSP responder when the default does not apply. Its value is a string
536 # of hexadecimal digits (colon or space separators may be present) which
537 # identifies a certificate in the set of certificates supplied during cert path
538 # validation. When this property is set then the "ocsp.responderCertIssuerName"
539 # property must also be set. When the "ocsp.responderCertSubjectName" property
540 # is set then this property is ignored.
541 #
542 # Example,
543 # ocsp.responderCertSerialNumber=2A:FF:00
544
545
|
510 # If this property is not defined or the value is empty, the underlying JSSE
511 # provider's default group parameter is used for each connection.
512 #
513 # If the property value does not follow the grammar, or a particular group
514 # parameter is not valid, the connection will fall back and use the
515 # underlying JSSE provider's default group parameter.
516 #
517 # Note: This property is currently used by OpenJDK's JSSE implementation. It
518 # is not guaranteed to be examined and used by other implementations.
519 #
520 # Example:
521 # jdk.tls.server.defaultDHEParameters=
522 # { \
523 # FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
524 # 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
525 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
526 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
527 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
528 # FFFFFFFF FFFFFFFF, 2}
529
530 # Algorithm restrictions for signed JAR files
531 #
532 # In some environments, certain algorithms or key lengths may be undesirable
533 # for signed JAR validation. For example, "MD2" is generally no longer
534 # considered to be a secure hash algorithm. This section describes the
535 # mechanism for disabling algorithms based on algorithm name and/or key length.
536 # JARs signed with any of the disabled algorithms or key sizes will be treated
537 # as unsigned.
538 #
539 # The syntax of the disabled algorithm string is described as follows:
540 # DisabledAlgorithms:
541 # " DisabledAlgorithm { , DisabledAlgorithm } "
542 #
543 # DisabledAlgorithm:
544 # AlgorithmName [Constraint]
545 #
546 # AlgorithmName:
547 # (see below)
548 #
549 # Constraint:
550 # KeySizeConstraint
551 #
552 # KeySizeConstraint:
553 # keySize Operator KeyLength
554 #
555 # Operator:
556 # <= | < | == | != | >= | >
557 #
558 # KeyLength:
559 # Integer value of the algorithm's key length in bits
560 #
561 # Note: This property is currently used by the JDK Reference
562 # implementation. It is not guaranteed to be examined and used by other
563 # implementations.
564 #
565 jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
566
567 #
568 # Serial number of the OCSP responder's certificate
569 #
570 # By default, the certificate of the OCSP responder is that of the issuer
571 # of the certificate being validated. This property identifies the certificate
572 # of the OCSP responder when the default does not apply. Its value is a string
573 # of hexadecimal digits (colon or space separators may be present) which
574 # identifies a certificate in the set of certificates supplied during cert path
575 # validation. When this property is set then the "ocsp.responderCertIssuerName"
576 # property must also be set. When the "ocsp.responderCertSubjectName" property
577 # is set then this property is ignored.
578 #
579 # Example,
580 # ocsp.responderCertSerialNumber=2A:FF:00
581
582
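Review bot: The grammar comment added for `jdk.jar.disabledAlgorithms` says `AlgorithmName: (see below)` (new lines 546-547), but nothing below it in the added block describes the accepted names before the property is set on new line 565, so the reference dangles unless it is explained in a part of the file not shown here. I would replace it with text the reader can act on, for example `# AlgorithmName: a standard algorithm name, such as MD2 or RSA`. The sentence that such JARs "will be treated as unsigned" (new lines 536-537) also deserves one more comment line, since as worded it implies the JAR is still loaded rather than rejected, for example `# Note: a JAR treated as unsigned is not rejected; callers that need signed code must check for signers.` Finally, the default `MD2, RSA keySize < 1024` is a narrow list, so a short comment saying why other weak digests or small key sizes of other key types are left out (presumably for compatibility) would tell operators whether to tighten it locally.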
|