jdk/src/java.base/share/conf/security/java.security
changeset 38435 292ad46c1bf1
parent 38419 5201cc2ca81d
child 38576 ccaac80108c5
38434:a38df2210d1f 38435:292ad46c1bf1
   103 # Transformations can be specified in their full standard name
   103 # Transformations can be specified in their full standard name
   104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
   104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
   105 # The provider is the name of the provider. Any provider that does not
   105 # The provider is the name of the provider. Any provider that does not
   106 # also appear in the registered list will be ignored.
   106 # also appear in the registered list will be ignored.
   107 #
   107 #
       
   108 # There is a special serviceType for this property only to group a set of
       
   109 # algorithms together. The type is "Group" and is followed by an algorithm
       
   110 # keyword. Groups are to simplify and lessen the entries on the property
       
   111 # line. Current groups are:
       
   112 #   Group.SHA2 = SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
       
   113 #   Group.HmacSHA2 = HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512
       
   114 #   Group.SHA2RSA = SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
       
   115 #   Group.SHA2DSA = SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA
       
   116 #   Group.SHA2ECDSA = SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, \
       
   117 #                     SHA512withECDSA
       
   118 #   Group.SHA3 = SHA3-224, SHA3-256, SHA3-384, SHA3-512
       
   119 #   Group.HmacSHA3 = HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512
       
   120 #
   108 # Example:
   121 # Example:
   109 #   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
   122 #   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
   110 #         MessageDigest.SHA-256:SUN
   123 #         MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE
   111 #ifdef solaris-sparc
   124 #ifdef solaris-sparc
   112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \
   125 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
   113       SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
   126       HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
   114 #endif
   127 #endif
   115 #ifdef solaris-x86
   128 #ifdef solaris-x86
   116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
   129 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
       
   130       HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, RSA:SunRsaSign, \
       
   131       SHA1withRSA:SunRsaSign, Group.SHA2RSA:SunRsaSign
   117 #endif
   132 #endif
   118 
   133 
   119 
   134 
   120 #
   135 #
   121 # Sun Provider SecureRandom seed source.
   136 # Sun Provider SecureRandom seed source.
   611 # algorithms.
   626 # algorithms.
   612 #
   627 #
   613 # "CertConstraint" specifies additional constraints for
   628 # "CertConstraint" specifies additional constraints for
   614 # certificates that contain algorithms that are restricted:
   629 # certificates that contain algorithms that are restricted:
   615 #
   630 #
   616 #   "jdkCA" prohibits the specified algorithm only if the algorithm is used
   631 #   "jdkCA" prohibits the specified algorithm only if the algorithm is used
   617 #     in a certificate chain that terminates at a marked trust anchor in the
   632 #     in a certificate chain that terminates at a marked trust anchor in the
   618 #     lib/security/cacerts keystore.  All other chains are not affected.
   633 #     lib/security/cacerts keystore.  All other chains are not affected.
   619 #     If the jdkCA constraint is not set, then all chains using the
   634 #     If the jdkCA constraint is not set, then all chains using the
   620 #     specified algorithm are restricted.  jdkCA may only be used once in
   635 #     specified algorithm are restricted.  jdkCA may only be used once in
   621 #     a DisabledAlgorithm expression.
   636 #     a DisabledAlgorithm expression.
   622 #     Example:  To apply this constraint to SHA-1 certificates, include
   637 #     Example:  To apply this constraint to SHA-1 certificates, include
   623 #     the following:  "SHA1 jdkCA"
   638 #     the following:  "SHA1 jdkCA"
   624 #
   639 #
   625 # When an algorithm must satisfy more than one constraint, it must be
   640 # When an algorithm must satisfy more than one constraint, it must be
   626 # delimited by an ampersand '&'.  For example, to restrict certificates in a
   641 # delimited by an ampersand '&'.  For example, to restrict certificates in a
   627 # chain that terminate at a distribution provided trust anchor and contain
   642 # chain that terminate at a distribution provided trust anchor and contain
   628 # RSA keys that are less than or equal to 1024 bits, add the following
   643 # RSA keys that are less than or equal to 1024 bits, add the following