663 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
664 # if they are enabled explicitly in an application.
665 #
666 # For PKI-based peer authentication and key exchange mechanisms, this list
667 # of disabled algorithms will also be checked during certification path
668 # building and validation, including algorithms used in certificates, as
669 # well as revocation information such as CRLs and signed OCSP Responses.
670 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
671 #
672 # See the specification of "jdk.certpath.disabledAlgorithms" for the
673 # syntax of the disabled algorithm string.
674 #
675 # Note: The algorithm restrictions do not apply to trust anchors or
676 # self-signed certificates.
677 #
678 # Note: This property is currently used by the JDK Reference implementation.
679 # It is not guaranteed to be examined and used by other implementations.
680 #
681 # Example:
682 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
683 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
684 EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
685 include jdk.disabled.namedCurves
686
687 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
688 # processing in JSSE implementation.
689 #
690 # In some environments, a certain algorithm may be undesirable but it
691 # cannot be disabled because of its use in legacy applications. Legacy
692 # algorithms may still be supported, but applications should not use them
693 # as the security strength of legacy algorithms are usually not strong enough
694 # in practice.
695 #
696 # During SSL/TLS security parameters negotiation, legacy algorithms will
697 # not be negotiated unless there are no other candidates.
698 #
699 # The syntax of the legacy algorithms string is described as this Java
700 # BNF-style:
701 # LegacyAlgorithms:
702 # " LegacyAlgorithm { , LegacyAlgorithm } "
703 #
704 # LegacyAlgorithm:
|
663 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
664 # if they are enabled explicitly in an application.
665 #
666 # For PKI-based peer authentication and key exchange mechanisms, this list
667 # of disabled algorithms will also be checked during certification path
668 # building and validation, including algorithms used in certificates, as
669 # well as revocation information such as CRLs and signed OCSP Responses.
670 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
671 #
672 # See the specification of "jdk.certpath.disabledAlgorithms" for the
673 # syntax of the disabled algorithm string.
674 #
675 # Note: The algorithm restrictions do not apply to trust anchors or
676 # self-signed certificates.
677 #
678 # Note: This property is currently used by the JDK Reference implementation.
679 # It is not guaranteed to be examined and used by other implementations.
680 #
681 # Example:
682 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
683 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
684 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
685 include jdk.disabled.namedCurves
686
687 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
688 # processing in JSSE implementation.
689 #
690 # In some environments, a certain algorithm may be undesirable but it
691 # cannot be disabled because of its use in legacy applications. Legacy
692 # algorithms may still be supported, but applications should not use them
693 # as the security strength of legacy algorithms are usually not strong enough
694 # in practice.
695 #
696 # During SSL/TLS security parameters negotiation, legacy algorithms will
697 # not be negotiated unless there are no other candidates.
698 #
699 # The syntax of the legacy algorithms string is described as this Java
700 # BNF-style:
701 # LegacyAlgorithms:
702 # " LegacyAlgorithm { , LegacyAlgorithm } "
703 #
704 # LegacyAlgorithm:
|
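Review bot: The comment block above line 683 does not say that TLSv1 and TLSv1.1 are now in the default list. Because lines 663-664 state that disabled entries are never negotiated even when an application enables them explicitly, an application that enables only those protocol versions will fail its handshake with nothing in this file to explain why. Consider adding a short note beside the existing "Note:" paragraphs (675-679) stating that the two protocol versions were added to the default value and that removing them from jdk.tls.disabledAlgorithms is how to restore them for peers that support only those versions. The re-wrapped continuation lines (683-684) carry the same remaining entries as the old value, so the only functional change is the two added protocol names. A test asserting that a TLSv1 and a TLSv1.1 handshake are both rejected under the default property would lock that in.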