< prev index next >
src/share/lib/security/java.security-linux
Print this page
rev 12009 : [mq]: 8167591-Add-MD5-to-signed-JAR-restrictions
*** 481,490 ****
--- 481,527 ----
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+ # Algorithm restrictions for signed JAR files
+ #
+ # In some environments, certain algorithms or key lengths may be undesirable
+ # for signed JAR validation. For example, "MD2" is generally no longer
+ # considered to be a secure hash algorithm. This section describes the
+ # mechanism for disabling algorithms based on algorithm name and/or key length.
+ # JARs signed with any of the disabled algorithms or key sizes will be treated
+ # as unsigned.
+ #
+ # The syntax of the disabled algorithm string is described as follows:
+ # DisabledAlgorithms:
+ # " DisabledAlgorithm { , DisabledAlgorithm } "
+ #
+ # DisabledAlgorithm:
+ # AlgorithmName [Constraint]
+ #
+ # AlgorithmName:
+ # (see below)
+ #
+ # Constraint:
+ # KeySizeConstraint
+ #
+ # KeySizeConstraint:
+ # keySize Operator KeyLength
+ #
+ # Operator:
+ # <= | < | == | != | >= | >
+ #
+ # KeyLength:
+ # Integer value of the algorithm's key length in bits
+ #
+ # Note: This property is currently used by the JDK Reference
+ # implementation. It is not guaranteed to be examined and used by other
+ # implementations.
+ #
+ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
+
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
# (SSL/TLS) processing
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
*** 622,663 ****
# 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
# EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
# E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
# EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
# FFFFFFFF FFFFFFFF, 2}
-
- # Algorithm restrictions for signed JAR files
- #
- # In some environments, certain algorithms or key lengths may be undesirable
- # for signed JAR validation. For example, "MD2" is generally no longer
- # considered to be a secure hash algorithm. This section describes the
- # mechanism for disabling algorithms based on algorithm name and/or key length.
- # JARs signed with any of the disabled algorithms or key sizes will be treated
- # as unsigned.
- #
- # The syntax of the disabled algorithm string is described as follows:
- # DisabledAlgorithms:
- # " DisabledAlgorithm { , DisabledAlgorithm } "
- #
- # DisabledAlgorithm:
- # AlgorithmName [Constraint]
- #
- # AlgorithmName:
- # (see below)
- #
- # Constraint:
- # KeySizeConstraint
- #
- # KeySizeConstraint:
- # keySize Operator KeyLength
- #
- # Operator:
- # <= | < | == | != | >= | >
- #
- # KeyLength:
- # Integer value of the algorithm's key length in bits
- #
- # Note: This property is currently used by the JDK Reference
- # implementation. It is not guaranteed to be examined and used by other
- # implementations.
- #
- jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
--- 659,663 ----
< prev index next >