< prev index next >

src/java.base/share/conf/security/java.security

Print this page 







 783 # provider's default group parameter is used for each connection.
 784 #
 785 # If the property value does not follow the grammar, or a particular group
 786 # parameter is not valid, the connection will fall back and use the
 787 # underlying JSSE provider's default group parameter.
 788 #
 789 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 790 # is not guaranteed to be examined and used by other implementations.
 791 #
 792 # Example:
 793 #   jdk.tls.server.defaultDHEParameters=
 794 #       { \
 795 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 796 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 797 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 798 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 799 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 800 #       FFFFFFFF FFFFFFFF, 2}
 801 
 802 #


































 803 # Cryptographic Jurisdiction Policy defaults
 804 #
 805 # Import and export control rules on cryptographic software vary from
 806 # country to country.  By default, Java provides two different sets of
 807 # cryptographic policy files[1]:
 808 #
 809 #     unlimited:  These policy files contain no restrictions on cryptographic
 810 #                 strengths or algorithms
 811 #
 812 #     limited:    These policy files contain more restricted cryptographic
 813 #                 strengths
 814 #
 815 # The default setting is determined by the value of the "crypto.policy"
 816 # Security property below. If your country or usage requires the
 817 # traditional restrictive policy, the "limited" Java cryptographic
 818 # policy is still available and may be appropriate for your environment.
 819 #
 820 # If you have restrictions that do not fit either use case mentioned
 821 # above, Java provides the capability to customize these policy files.
 822 # The "crypto.policy" security property points to a subdirectory






 783 # provider's default group parameter is used for each connection.
 784 #
 785 # If the property value does not follow the grammar, or a particular group
 786 # parameter is not valid, the connection will fall back and use the
 787 # underlying JSSE provider's default group parameter.
 788 #
 789 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 790 # is not guaranteed to be examined and used by other implementations.
 791 #
 792 # Example:
 793 #   jdk.tls.server.defaultDHEParameters=
 794 #       { \
 795 #       FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
 796 #       29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
 797 #       EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
 798 #       E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
 799 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 800 #       FFFFFFFF FFFFFFFF, 2}
 801 
 802 #
 803 # TLS key limits on symmetric cryptographic algorithms
 804 #
 805 # This security property sets limits on algorithms key usage in TLS 1.3.
 806 # When the amount of data encrypted exceeds the algorithm value listed below,
 807 # a KeyUpdate message will trigger a key change.  This is for symmetric ciphers
 808 # with TLS 1.3 only.
 809 #
 810 # The syntax for the property is described below:
 811 #   KeyLimits:
 812 #       " KeyLimit { , KeyLimit } "
 813 #
 814 #   WeakKeyLimit:
 815 #       AlgorithmName Action Length
 816 #
 817 #   AlgorithmName:
 818 #       A full algorithm transformation.
 819 #
 820 #   Action:
 821 #       KeyUpdate
 822 #
 823 #   Length:
 824 #       The amount of encrypted data in a session before the Action occurs
 825 #       This value may be an integer value in bytes, or as a power of two, 2^29.
 826 #
 827 #   KeyUpdate:
 828 #       The TLS 1.3 KeyUpdate handshake process begins when the Length amount
 829 #       is fulfilled.
 830 #
 831 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 832 # is not guaranteed to be examined and used by other implementations.
 833 #
 834 jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37
 835 
 836 #
 837 # Cryptographic Jurisdiction Policy defaults
 838 #
 839 # Import and export control rules on cryptographic software vary from
 840 # country to country.  By default, Java provides two different sets of
 841 # cryptographic policy files[1]:
 842 #
 843 #     unlimited:  These policy files contain no restrictions on cryptographic
 844 #                 strengths or algorithms
 845 #
 846 #     limited:    These policy files contain more restricted cryptographic
 847 #                 strengths
 848 #
 849 # The default setting is determined by the value of the "crypto.policy"
 850 # Security property below. If your country or usage requires the
 851 # traditional restrictive policy, the "limited" Java cryptographic
 852 # policy is still available and may be appropriate for your environment.
 853 #
 854 # If you have restrictions that do not fit either use case mentioned
 855 # above, Java provides the capability to customize these policy files.
 856 # The "crypto.policy" security property points to a subdirectory







< prev index next >