494 # A "Constraint" provides further guidance for the algorithm being specified. 495 # The "KeySizeConstraint" requires a key of a valid size range if the 496 # "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the 497 # key size specified in number of bits. For example, "RSA keySize <= 1024" 498 # indicates that any RSA key with key size less than or equal to 1024 bits 499 # should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates 500 # that any RSA key with key size less than 1024 or greater than 2048 should 501 # be disabled. Note that the "KeySizeConstraint" only makes sense to key 502 # algorithms. 503 # 504 # Note: This property is currently used by Oracle's PKIX implementation. It 505 # is not guaranteed to be examined and used by other implementations. 506 # 507 # Example: 508 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 509 # 510 # 511 jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 512 513 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security 514 # (SSL/TLS) processing 515 # 516 # In some environments, certain algorithms or key lengths may be undesirable 517 # when using SSL/TLS. This section describes the mechanism for disabling 518 # algorithms during SSL/TLS security parameters negotiation, including 519 # protocol version negotiation, cipher suites selection, peer authentication 520 # and key exchange mechanisms. 521 # 522 # Disabled algorithms will not be negotiated for SSL/TLS connections, even 523 # if they are enabled explicitly in an application. 524 # 525 # For PKI-based peer authentication and key exchange mechanisms, this list 526 # of disabled algorithms will also be checked during certification path 527 # building and validation, including algorithms used in certificates, as 528 # well as revocation information such as CRLs and signed OCSP Responses. 529 # This is in addition to the jdk.certpath.disabledAlgorithms property above. 
530 # 531 # See the specification of "jdk.certpath.disabledAlgorithms" for the 532 # syntax of the disabled algorithm string. 533 # 534 # Note: This property is currently used by Oracle's JSSE implementation. 535 # It is not guaranteed to be examined and used by other implementations. 536 # 537 # Example: 538 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 | 494 # A "Constraint" provides further guidance for the algorithm being specified. 495 # The "KeySizeConstraint" requires a key of a valid size range if the 496 # "AlgorithmName" is of a key algorithm. The "DecimalInteger" indicates the 497 # key size specified in number of bits. For example, "RSA keySize <= 1024" 498 # indicates that any RSA key with key size less than or equal to 1024 bits 499 # should be disabled, and "RSA keySize < 1024, RSA keySize > 2048" indicates 500 # that any RSA key with key size less than 1024 or greater than 2048 should 501 # be disabled. Note that the "KeySizeConstraint" only makes sense to key 502 # algorithms. 503 # 504 # Note: This property is currently used by Oracle's PKIX implementation. It 505 # is not guaranteed to be examined and used by other implementations. 506 # 507 # Example: 508 # jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048 509 # 510 # 511 jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 512 513 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security 514 # (SSL/TLS/DTLS) processing 515 # 516 # In some environments, certain algorithms or key lengths may be undesirable 517 # when using SSL/TLS/DTLS. This section describes the mechanism for disabling 518 # algorithms during SSL/TLS/DTLS security parameters negotiation, including 519 # protocol version negotiation, cipher suites selection, peer authentication 520 # and key exchange mechanisms. 521 # 522 # Disabled algorithms will not be negotiated for SSL/TLS connections, even 523 # if they are enabled explicitly in an application. 
524 # 525 # For PKI-based peer authentication and key exchange mechanisms, this list 526 # of disabled algorithms will also be checked during certification path 527 # building and validation, including algorithms used in certificates, as 528 # well as revocation information such as CRLs and signed OCSP Responses. 529 # This is in addition to the jdk.certpath.disabledAlgorithms property above. 530 # 531 # See the specification of "jdk.certpath.disabledAlgorithms" for the 532 # syntax of the disabled algorithm string. 533 # 534 # Note: This property is currently used by Oracle's JSSE implementation. 535 # It is not guaranteed to be examined and used by other implementations. 536 # 537 # Example: 538 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 |
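Review bot: The DTLS rename is incomplete on the right-hand side. Line 522 still reads "Disabled algorithms will not be negotiated for SSL/TLS connections", while lines 514, 517 and 518 now say SSL/TLS/DTLS. A reader could take the unchanged sentence to mean that the override of explicitly enabled algorithms does not apply to DTLS. Suggest changing line 522 to "SSL/TLS/DTLS connections". The spelled-out heading on line 513 ("Secure Socket Layer/Transport Layer Security") also expands only two of the three protocols now named in the parenthesis on line 514, so consider adding Datagram Transport Layer Security there for consistency. The example on line 538 is identical on both sides and lists only SSLv3 as a protocol version; if DTLS protocol version names are accepted in jdk.tls.disabledAlgorithms, the comment should say so, since the syntax reference on lines 531-532 points only to the certpath property.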