
src/share/lib/security/java.security-solaris

rev 1547 : 8155973: Tighten jar checks
Reviewed-by: mullan, igerasim, ahgross
rev 1574 : 8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
Reviewed-by: ascarpino, mullan
rev 1591 : 8166381: Back out changes to the java.security file to not disable MD5
Reviewed-by: weijun, coffeys


 510 # If this property is not defined or the value is empty, the underlying JSSE
 511 # provider's default group parameter is used for each connection.
 512 #
 513 # If the property value does not follow the grammar, or a particular group
 514 # parameter is not valid, the connection will fall back and use the
 515 # underlying JSSE provider's default group parameter.
 516 #
 517 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 518 # is not guaranteed to be examined and used by other implementations.
 519 #
 520 # Example:
 521 #   jdk.tls.server.defaultDHEParameters=
 522 #       { \
 523 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 524 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 525 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 526 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 527 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 528 #       FFFFFFFF FFFFFFFF, 2}
 529 





































 530 #
 531 # Serial number of the OCSP responder's certificate
 532 #
 533 # By default, the certificate of the OCSP responder is that of the issuer
 534 # of the certificate being validated. This property identifies the certificate
 535 # of the OCSP responder when the default does not apply. Its value is a string
 536 # of hexadecimal digits (colon or space separators may be present) which
 537 # identifies a certificate in the set of certificates supplied during cert path
 538 # validation. When this property is set then the "ocsp.responderCertIssuerName"
 539 # property must also be set. When the "ocsp.responderCertSubjectName" property
 540 # is set then this property is ignored.
 541 #
 542 # Example,
 543 #   ocsp.responderCertSerialNumber=2A:FF:00
 544 
 545  


 510 # If this property is not defined or the value is empty, the underlying JSSE
 511 # provider's default group parameter is used for each connection.
 512 #
 513 # If the property value does not follow the grammar, or a particular group
 514 # parameter is not valid, the connection will fall back and use the
 515 # underlying JSSE provider's default group parameter.
 516 #
 517 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 518 # is not guaranteed to be examined and used by other implementations.
 519 #
 520 # Example:
 521 #   jdk.tls.server.defaultDHEParameters=
 522 #       { \
 523 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 524 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 525 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 526 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 527 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 528 #       FFFFFFFF FFFFFFFF, 2}
 529 
 530 # Algorithm restrictions for signed JAR files
 531 #
 532 # In some environments, certain algorithms or key lengths may be undesirable
 533 # for signed JAR validation.  For example, "MD2" is generally no longer
 534 # considered to be a secure hash algorithm.  This section describes the
 535 # mechanism for disabling algorithms based on algorithm name and/or key length.
 536 # JARs signed with any of the disabled algorithms or key sizes will be treated
 537 # as unsigned.
 538 #
 539 # The syntax of the disabled algorithm string is described as follows:
 540 #   DisabledAlgorithms:
 541 #       " DisabledAlgorithm { , DisabledAlgorithm } "
 542 #
 543 #   DisabledAlgorithm:
 544 #       AlgorithmName [Constraint]
 545 #
 546 #   AlgorithmName:
 547 #       (see below)
 548 #
 549 #   Constraint:
 550 #       KeySizeConstraint
 551 #
 552 #   KeySizeConstraint:
 553 #       keySize Operator KeyLength
 554 #
 555 #   Operator:
 556 #       <= | < | == | != | >= | >
 557 #
 558 #   KeyLength:
 559 #       Integer value of the algorithm's key length in bits
 560 #
 561 # Note: This property is currently used by the JDK Reference
 562 # implementation. It is not guaranteed to be examined and used by other
 563 # implementations.
 564 #
 565 jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
 566 
 567 #
 568 # Serial number of the OCSP responder's certificate
 569 #
 570 # By default, the certificate of the OCSP responder is that of the issuer
 571 # of the certificate being validated. This property identifies the certificate
 572 # of the OCSP responder when the default does not apply. Its value is a string
 573 # of hexadecimal digits (colon or space separators may be present) which
 574 # identifies a certificate in the set of certificates supplied during cert path
 575 # validation. When this property is set then the "ocsp.responderCertIssuerName"
 576 # property must also be set. When the "ocsp.responderCertSubjectName" property
 577 # is set then this property is ignored.
 578 #
 579 # Example,
 580 #   ocsp.responderCertSerialNumber=2A:FF:00
 581 
 582  
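
Review bot: `AlgorithmName: (see below)` at new line 547 refers to a definition this section never gives. The grammar ends at `KeyLength` and the next non-comment line is the property itself, so a reader cannot tell from this block which names are accepted, or whether a name is matched against the digest, the signature algorithm or the key algorithm. Either define the accepted names here or name the property whose description is meant. The block also states that JARs signed with a disabled algorithm or key size "will be treated as unsigned", but, unlike the jdk.tls.server.defaultDHEParameters comment directly above it, it does not say what happens when the value does not follow the grammar. Please document the behaviour for a malformed entry, since an entry that is silently skipped would leave that restriction unenforced.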