783 # provider's default group parameter is used for each connection. 784 # 785 # If the property value does not follow the grammar, or a particular group 786 # parameter is not valid, the connection will fall back and use the 787 # underlying JSSE provider's default group parameter. 788 # 789 # Note: This property is currently used by OpenJDK's JSSE implementation. It 790 # is not guaranteed to be examined and used by other implementations. 791 # 792 # Example: 793 # jdk.tls.server.defaultDHEParameters= 794 # { \ 795 # FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ 796 # 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ 797 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ 798 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ 799 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ 800 # FFFFFFFF FFFFFFFF, 2} 801 802 # 803 # Cryptographic Jurisdiction Policy defaults 804 # 805 # Import and export control rules on cryptographic software vary from 806 # country to country. By default, Java provides two different sets of 807 # cryptographic policy files[1]: 808 # 809 # unlimited: These policy files contain no restrictions on cryptographic 810 # strengths or algorithms 811 # 812 # limited: These policy files contain more restricted cryptographic 813 # strengths 814 # 815 # The default setting is determined by the value of the "crypto.policy" 816 # Security property below. If your country or usage requires the 817 # traditional restrictive policy, the "limited" Java cryptographic 818 # policy is still available and may be appropriate for your environment. 819 # 820 # If you have restrictions that do not fit either use case mentioned 821 # above, Java provides the capability to customize these policy files. 822 # The "crypto.policy" security property points to a subdirectory | 783 # provider's default group parameter is used for each connection. 784 # 785 # If the property value does not follow the grammar, or a particular group 786 # parameter is not valid, the connection will fall back and use the 787 # underlying JSSE provider's default group parameter. 788 # 789 # Note: This property is currently used by OpenJDK's JSSE implementation. It 790 # is not guaranteed to be examined and used by other implementations. 791 # 792 # Example: 793 # jdk.tls.server.defaultDHEParameters= 794 # { \ 795 # FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \ 796 # 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \ 797 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ 798 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ 799 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ 800 # FFFFFFFF FFFFFFFF, 2} 801 802 # 803 # TLS key limits on symmetric cryptographic algorithms 804 # 805 # This security property sets limits on algorithms key usage in TLS 1.3. 806 # When the amount of data encrypted exceeds the algorithm value listed below, 807 # a KeyUpdate message will trigger a key change. This is for symmetric ciphers 808 # with TLS 1.3 only. 809 # 810 # The syntax for the property is described below: 811 # KeyLimits: 812 # " KeyLimit { , KeyLimit } " 813 # 814 # WeakKeyLimit: 815 # AlgorithmName Action Length 816 # 817 # AlgorithmName: 818 # A full algorithm transformation. 819 # 820 # Action: 821 # KeyUpdate 822 # 823 # Length: 824 # The amount of encrypted data in a session before the Action occurs 825 # This value may be an integer value in bytes, or as a power of two, 2^29. 826 # 827 # KeyUpdate: 828 # The TLS 1.3 KeyUpdate handshake process begins when the Length amount 829 # is fulfilled. 830 # 831 # Note: This property is currently used by OpenJDK's JSSE implementation. It 832 # is not guaranteed to be examined and used by other implementations. 833 # 834 jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37 835 836 # 837 # Cryptographic Jurisdiction Policy defaults 838 # 839 # Import and export control rules on cryptographic software vary from 840 # country to country. By default, Java provides two different sets of 841 # cryptographic policy files[1]: 842 # 843 # unlimited: These policy files contain no restrictions on cryptographic 844 # strengths or algorithms 845 # 846 # limited: These policy files contain more restricted cryptographic 847 # strengths 848 # 849 # The default setting is determined by the value of the "crypto.policy" 850 # Security property below. If your country or usage requires the 851 # traditional restrictive policy, the "limited" Java cryptographic 852 # policy is still available and may be appropriate for your environment. 853 # 854 # If you have restrictions that do not fit either use case mentioned 855 # above, Java provides the capability to customize these policy files. 856 # The "crypto.policy" security property points to a subdirectory |