666 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
667 # if they are enabled explicitly in an application.
668 #
669 # For PKI-based peer authentication and key exchange mechanisms, this list
670 # of disabled algorithms will also be checked during certification path
671 # building and validation, including algorithms used in certificates, as
672 # well as revocation information such as CRLs and signed OCSP Responses.
673 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
674 #
675 # See the specification of "jdk.certpath.disabledAlgorithms" for the
676 # syntax of the disabled algorithm string.
677 #
678 # Note: The algorithm restrictions do not apply to trust anchors or
679 # self-signed certificates.
680 #
681 # Note: This property is currently used by the JDK Reference implementation.
682 # It is not guaranteed to be examined and used by other implementations.
683 #
684 # Example:
685 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
686 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
687 EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
688 include jdk.disabled.namedCurves
689
690 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
691 # processing in JSSE implementation.
692 #
693 # In some environments, a certain algorithm may be undesirable but it
694 # cannot be disabled because of its use in legacy applications. Legacy
695 # algorithms may still be supported, but applications should not use them
696 # as the security strength of legacy algorithms are usually not strong enough
697 # in practice.
698 #
699 # During SSL/TLS security parameters negotiation, legacy algorithms will
700 # not be negotiated unless there are no other candidates.
701 #
702 # The syntax of the legacy algorithms string is described as this Java
703 # BNF-style:
704 # LegacyAlgorithms:
705 # " LegacyAlgorithm { , LegacyAlgorithm } "
706 #
707 # LegacyAlgorithm:
|
666 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
667 # if they are enabled explicitly in an application.
668 #
669 # For PKI-based peer authentication and key exchange mechanisms, this list
670 # of disabled algorithms will also be checked during certification path
671 # building and validation, including algorithms used in certificates, as
672 # well as revocation information such as CRLs and signed OCSP Responses.
673 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
674 #
675 # See the specification of "jdk.certpath.disabledAlgorithms" for the
676 # syntax of the disabled algorithm string.
677 #
678 # Note: The algorithm restrictions do not apply to trust anchors or
679 # self-signed certificates.
680 #
681 # Note: This property is currently used by the JDK Reference implementation.
682 # It is not guaranteed to be examined and used by other implementations.
683 #
684 # Example:
685 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
686 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
687 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
688 include jdk.disabled.namedCurves
689
690 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
691 # processing in JSSE implementation.
692 #
693 # In some environments, a certain algorithm may be undesirable but it
694 # cannot be disabled because of its use in legacy applications. Legacy
695 # algorithms may still be supported, but applications should not use them
696 # as the security strength of legacy algorithms are usually not strong enough
697 # in practice.
698 #
699 # During SSL/TLS security parameters negotiation, legacy algorithms will
700 # not be negotiated unless there are no other candidates.
701 #
702 # The syntax of the legacy algorithms string is described as this Java
703 # BNF-style:
704 # LegacyAlgorithms:
705 # " LegacyAlgorithm { , LegacyAlgorithm } "
706 #
707 # LegacyAlgorithm:
|