961 # It is not guaranteed to be examined and used by other implementations.
962 #
963 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
964
965 #
966 # JCEKS Encrypted Key Serial Filter
967 #
968 # This filter, if configured, is used by the JCEKS KeyStore during the
969 # deserialization of the encrypted Key object stored inside a key entry.
970 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns
971 # matches), the filter configured by jdk.serialFilter will be consulted.
972 #
973 # If the system property jceks.key.serialFilter is also specified, it supersedes
974 # the security property value defined here.
975 #
976 # The filter pattern uses the same format as jdk.serialFilter. The default
977 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type,
978 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
979 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
980 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
|
961 # It is not guaranteed to be examined and used by other implementations.
962 #
963 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name
964
965 #
966 # JCEKS Encrypted Key Serial Filter
967 #
968 # This filter, if configured, is used by the JCEKS KeyStore during the
969 # deserialization of the encrypted Key object stored inside a key entry.
970 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns
971 # matches), the filter configured by jdk.serialFilter will be consulted.
972 #
973 # If the system property jceks.key.serialFilter is also specified, it supersedes
974 # the security property value defined here.
975 #
976 # The filter pattern uses the same format as jdk.serialFilter. The default
977 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type,
978 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
979 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
980 java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
981
982 #
983 # Policies for distrusting Certificate Authorities (CAs).
984 #
985 # This is a comma separated value of one or more case-sensitive strings, each
986 # of which represents a policy for determining if a CA should be distrusted.
987 # The supported values are:
988 #
989 # SYMANTEC_TLS : Distrust TLS Server certificates anchored by
990 # a Symantec root CA and issued after April 16, 2019.
991 #
992 # Leading and trailing whitespace surrounding each value are ignored.
993 # Unknown values are ignored. If the property is commented out or set to the
994 # empty String, no policies are enforced.
995 #
996 # Note: This property is currently used by the JDK Reference implementation.
997 # It is not guaranteed to be supported by other SE implementations. Also, this
998 # property does not override other security properties which can restrict
999 # certificates such as jdk.tls.disabledAlgorithms or
1000 # jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
1001 # if this property is not enabled.
1002 #
1003 jdk.security.caDistrustPolicies=SYMANTEC_TLS
|