664 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
665 # if they are enabled explicitly in an application.
666 #
667 # For PKI-based peer authentication and key exchange mechanisms, this list
668 # of disabled algorithms will also be checked during certification path
669 # building and validation, including algorithms used in certificates, as
670 # well as revocation information such as CRLs and signed OCSP Responses.
671 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
672 #
673 # See the specification of "jdk.certpath.disabledAlgorithms" for the
674 # syntax of the disabled algorithm string.
675 #
676 # Note: The algorithm restrictions do not apply to trust anchors or
677 # self-signed certificates.
678 #
679 # Note: This property is currently used by the JDK Reference implementation.
680 # It is not guaranteed to be examined and used by other implementations.
681 #
682 # Example:
683 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
684 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
685 EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
686 include jdk.disabled.namedCurves
687
688 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
689 # processing in JSSE implementation.
690 #
691 # In some environments, a certain algorithm may be undesirable but it
692 # cannot be disabled because of its use in legacy applications. Legacy
693 # algorithms may still be supported, but applications should not use them
694 # as the security strength of legacy algorithms are usually not strong enough
695 # in practice.
696 #
697 # During SSL/TLS security parameters negotiation, legacy algorithms will
698 # not be negotiated unless there are no other candidates.
699 #
700 # The syntax of the legacy algorithms string is described as this Java
701 # BNF-style:
702 # LegacyAlgorithms:
703 # " LegacyAlgorithm { , LegacyAlgorithm } "
704 #
705 # LegacyAlgorithm:
|
664 # Disabled algorithms will not be negotiated for SSL/TLS connections, even
665 # if they are enabled explicitly in an application.
666 #
667 # For PKI-based peer authentication and key exchange mechanisms, this list
668 # of disabled algorithms will also be checked during certification path
669 # building and validation, including algorithms used in certificates, as
670 # well as revocation information such as CRLs and signed OCSP Responses.
671 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
672 #
673 # See the specification of "jdk.certpath.disabledAlgorithms" for the
674 # syntax of the disabled algorithm string.
675 #
676 # Note: The algorithm restrictions do not apply to trust anchors or
677 # self-signed certificates.
678 #
679 # Note: This property is currently used by the JDK Reference implementation.
680 # It is not guaranteed to be examined and used by other implementations.
681 #
682 # Example:
683 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
684 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
685 DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
686 include jdk.disabled.namedCurves
687
688 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
689 # processing in JSSE implementation.
690 #
691 # In some environments, a certain algorithm may be undesirable but it
692 # cannot be disabled because of its use in legacy applications. Legacy
693 # algorithms may still be supported, but applications should not use them
694 # as the security strength of legacy algorithms are usually not strong enough
695 # in practice.
696 #
697 # During SSL/TLS security parameters negotiation, legacy algorithms will
698 # not be negotiated unless there are no other candidates.
699 #
700 # The syntax of the legacy algorithms string is described as this Java
701 # BNF-style:
702 # LegacyAlgorithms:
703 # " LegacyAlgorithm { , LegacyAlgorithm } "
704 #
705 # LegacyAlgorithm:
|