
src/share/lib/security/java.security-aix

rev 13446 : 8207258: Distrust TLS server certificates anchored by Symantec Root CAs


 958 # It is not guaranteed to be examined and used by other implementations.
 959 #
 960 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
 961 
 962 #
 963 # JCEKS Encrypted Key Serial Filter
 964 #
 965 # This filter, if configured, is used by the JCEKS KeyStore during the
 966 # deserialization of the encrypted Key object stored inside a key entry.
 967 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns
 968 # matches), the filter configured by jdk.serialFilter will be consulted.
 969 #
 970 # If the system property jceks.key.serialFilter is also specified, it supersedes
 971 # the security property value defined here.
 972 #
 973 # The filter pattern uses the same format as jdk.serialFilter. The default
 974 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type,
 975 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 976 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
 977   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*

 958 # It is not guaranteed to be examined and used by other implementations.
 959 #
 960 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
 961 
 962 #
 963 # JCEKS Encrypted Key Serial Filter
 964 #
 965 # This filter, if configured, is used by the JCEKS KeyStore during the
 966 # deserialization of the encrypted Key object stored inside a key entry.
 967 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns
 968 # matches), the filter configured by jdk.serialFilter will be consulted.
 969 #
 970 # If the system property jceks.key.serialFilter is also specified, it supersedes
 971 # the security property value defined here.
 972 #
 973 # The filter pattern uses the same format as jdk.serialFilter. The default
 974 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type,
 975 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 976 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
 977   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
 978 
 979 #
 980 # Policies for distrusting Certificate Authorities (CAs).
 981 #
 982 # This is a comma separated value of one or more case-sensitive strings, each
 983 # of which represents a policy for determining if a CA should be distrusted.
 984 # The supported values are:
 985 #
 986 # SYMANTEC_TLS : Distrust TLS Server certificates anchored by
 987 #                a Symantec root CA and issued after April 16, 2019.
 988 #
 989 # Leading and trailing whitespace surrounding each value are ignored.
 990 # Unknown values are ignored. If the property is commented out or set to the
 991 # empty String, no policies are enforced.
 992 #
 993 # Note: This property is currently used by the JDK Reference implementation.
 994 # It is not guaranteed to be supported by other SE implementations. Also, this
 995 # property does not override other security properties which can restrict
 996 # certificates such as jdk.tls.disabledAlgorithms or
 997 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
 998 # if this property is not enabled.
 999 #
1000 jdk.security.caDistrustPolicies=SYMANTEC_TLS
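
Review bot: The description at lines 982-991 makes values case-sensitive and says unknown values are ignored, so a misspelled or differently cased entry such as symantec_tls would silently leave the policy unenforced with no indication to the administrator. Consider stating that consequence in the comment, or having the code that reads jdk.security.caDistrustPolicies log unrecognized values (that code is not part of this file, so it may already do so). Separately, "issued after April 16, 2019" at line 987 does not say which certificate's date is compared (the end-entity certificate or any certificate in the chain) or which field and time zone define the cutoff; spelling that out would make the policy testable. The closing note's "if this property is not enabled" would also read more precisely as "if this property is commented out or empty", matching the wording at lines 990-991.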