src/java.base/share/conf/security/java.security

Print this page
8168822 Document that algorithm restrictions do not apply to trusted certs

@@ -643,10 +643,12 @@
 # All DisabledAlgorithms expressions are processed in the order defined in the
 # property.  This requires lower keysize constraints to be specified
 # before larger keysize constraints of the same algorithm.  For example:
 # "RSA keySize < 1024 & jdkCA, RSA keySize < 2048".
 #
+# Note: Algorithm restrictions do not apply to trusted certificates.
+#
 # Note: This property is currently used by Oracle's PKIX implementation. It
 # is not guaranteed to be examined and used by other implementations.
 #
 # Example:
 #   jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048

@@ -712,10 +714,12 @@
 # This is in addition to the jdk.certpath.disabledAlgorithms property above.
 #
 # See the specification of "jdk.certpath.disabledAlgorithms" for the
 # syntax of the disabled algorithm string.
 #
+# Note: Algorithm restrictions do not apply to trusted certificates.
+#
 # Note: This property is currently used by Oracle's JSSE implementation.
 # It is not guaranteed to be examined and used by other implementations.
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048