
src/share/lib/security/java.security-macosx

rev 14346 : 8202343: Disable TLS 1.0 and 1.1
Reviewed-by: xuelei, dfuchs, coffeys, sgehwolf


 666 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
 667 # if they are enabled explicitly in an application.
 668 #
 669 # For PKI-based peer authentication and key exchange mechanisms, this list
 670 # of disabled algorithms will also be checked during certification path
 671 # building and validation, including algorithms used in certificates, as
 672 # well as revocation information such as CRLs and signed OCSP Responses.
 673 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
 674 #
 675 # See the specification of "jdk.certpath.disabledAlgorithms" for the
 676 # syntax of the disabled algorithm string.
 677 #
 678 # Note: The algorithm restrictions do not apply to trust anchors or
 679 # self-signed certificates.
 680 #
 681 # Note: This property is currently used by the JDK Reference implementation.
 682 # It is not guaranteed to be examined and used by other implementations.
 683 #
 684 # Example:
 685 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 686 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
 687     EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
 688     include jdk.disabled.namedCurves
 689 
 690 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 691 # processing in JSSE implementation.
 692 #
 693 # In some environments, a certain algorithm may be undesirable but it
 694 # cannot be disabled because of its use in legacy applications.  Legacy
 695 # algorithms may still be supported, but applications should not use them
 696 # as the security strength of legacy algorithms are usually not strong enough
 697 # in practice.
 698 #
 699 # During SSL/TLS security parameters negotiation, legacy algorithms will
 700 # not be negotiated unless there are no other candidates.
 701 #
 702 # The syntax of the legacy algorithms string is described as this Java
 703 # BNF-style:
 704 #   LegacyAlgorithms:
 705 #       " LegacyAlgorithm { , LegacyAlgorithm } "
 706 #
 707 #   LegacyAlgorithm:




 666 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
 667 # if they are enabled explicitly in an application.
 668 #
 669 # For PKI-based peer authentication and key exchange mechanisms, this list
 670 # of disabled algorithms will also be checked during certification path
 671 # building and validation, including algorithms used in certificates, as
 672 # well as revocation information such as CRLs and signed OCSP Responses.
 673 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
 674 #
 675 # See the specification of "jdk.certpath.disabledAlgorithms" for the
 676 # syntax of the disabled algorithm string.
 677 #
 678 # Note: The algorithm restrictions do not apply to trust anchors or
 679 # self-signed certificates.
 680 #
 681 # Note: This property is currently used by the JDK Reference implementation.
 682 # It is not guaranteed to be examined and used by other implementations.
 683 #
 684 # Example:
 685 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 686 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 687     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
 688     include jdk.disabled.namedCurves
 689 
 690 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 691 # processing in JSSE implementation.
 692 #
 693 # In some environments, a certain algorithm may be undesirable but it
 694 # cannot be disabled because of its use in legacy applications.  Legacy
 695 # algorithms may still be supported, but applications should not use them
 696 # as the security strength of legacy algorithms are usually not strong enough
 697 # in practice.
 698 #
 699 # During SSL/TLS security parameters negotiation, legacy algorithms will
 700 # not be negotiated unless there are no other candidates.
 701 #
 702 # The syntax of the legacy algorithms string is described as this Java
 703 # BNF-style:
 704 #   LegacyAlgorithms:
 705 #       " LegacyAlgorithm { , LegacyAlgorithm } "
 706 #
 707 #   LegacyAlgorithm:
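Review bot: at line 686 the default value now lists TLSv1 and TLSv1.1, but the comment block at 666-685 is unchanged and never says that protocol versions are disabled by default or how to restore them. Because lines 666-667 state that disabled entries are not negotiated even when an application enables them explicitly, a client or server that still asks for TLSv1 or TLSv1.1 will stop completing handshakes with nothing in this file to explain why. Suggest a short comment just above line 686 stating that TLS 1.0 and 1.1 are disabled by default and that removing "TLSv1, TLSv1.1" from this property is how a deployment with legacy peers re-enables them. Since this is the -macosx variant of the file, please also confirm the same edit is made in any sibling per-platform java.security files so the default does not differ by OS.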

