103 # Transformations can be specified in their full standard name |
103 # Transformations can be specified in their full standard name |
104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC). |
104 # (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC). |
105 # The provider is the name of the provider. Any provider that does not |
105 # The provider is the name of the provider. Any provider that does not |
106 # also appear in the registered list will be ignored. |
106 # also appear in the registered list will be ignored. |
107 # |
107 # |
|
108 # There is a special serviceType for this property only to group a set of |
|
109 # algorithms together. The type is "Group" and is followed by an algorithm |
|
110 # keyword. Groups are to simplify and lessen the entries on the property |
|
111 # line. Current groups are: |
|
112 # Group.SHA2 = SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 |
|
113 # Group.HmacSHA2 = HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512 |
|
114 # Group.SHA2RSA = SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA |
|
115 # Group.SHA2DSA = SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA |
|
116 # Group.SHA2ECDSA = SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, \ |
|
117 # SHA512withECDSA |
|
118 # Group.SHA3 = SHA3-224, SHA3-256, SHA3-384, SHA3-512 |
|
119 # Group.HmacSHA3 = HmacSHA3-224, HmacSHA3-256, HmacSHA3-384, HmacSHA3-512 |
|
120 # |
108 # Example: |
121 # Example: |
109 # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \ |
122 # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \ |
110 # MessageDigest.SHA-256:SUN |
123 # MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE |
111 #ifdef solaris-sparc |
124 #ifdef solaris-sparc |
112 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, SHA-224:SUN, \ |
125 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \ |
113 SHA-256:SUN, SHA-384:SUN, SHA-512:SUN |
126 HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE |
114 #endif |
127 #endif |
115 #ifdef solaris-x86 |
128 #ifdef solaris-x86 |
116 jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign |
129 jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \ |
|
130 HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, RSA:SunRsaSign, \ |
|
131 SHA1withRSA:SunRsaSign, Group.SHA2RSA:SunRsaSign |
117 #endif |
132 #endif |
118 |
133 |
119 |
134 |
120 # |
135 # |
121 # Sun Provider SecureRandom seed source. |
136 # Sun Provider SecureRandom seed source. |
611 # algorithms. |
626 # algorithms. |
612 # |
627 # |
613 # "CertConstraint" specifies additional constraints for |
628 # "CertConstraint" specifies additional constraints for |
614 # certificates that contain algorithms that are restricted: |
629 # certificates that contain algorithms that are restricted: |
615 # |
630 # |
616 # "jdkCA" prohibits the specified algorithm only if the algorithm is used |
631 # "jdkCA" prohibits the specified algorithm only if the algorithm is used |
617 # in a certificate chain that terminates at a marked trust anchor in the |
632 # in a certificate chain that terminates at a marked trust anchor in the |
618 # lib/security/cacerts keystore. All other chains are not affected. |
633 # lib/security/cacerts keystore. All other chains are not affected. |
619 # If the jdkCA constraint is not set, then all chains using the |
634 # If the jdkCA constraint is not set, then all chains using the |
620 # specified algorithm are restricted. jdkCA may only be used once in |
635 # specified algorithm are restricted. jdkCA may only be used once in |
621 # a DisabledAlgorithm expression. |
636 # a DisabledAlgorithm expression. |
622 # Example: To apply this constraint to SHA-1 certificates, include |
637 # Example: To apply this constraint to SHA-1 certificates, include |
623 # the following: "SHA1 jdkCA" |
638 # the following: "SHA1 jdkCA" |
624 # |
639 # |
625 # When an algorithm must satisfy more than one constraint, it must be |
640 # When an algorithm must satisfy more than one constraint, it must be |
626 # delimited by an ampersand '&'. For example, to restrict certificates in a |
641 # delimited by an ampersand '&'. For example, to restrict certificates in a |
627 # chain that terminate at a distribution provided trust anchor and contain |
642 # chain that terminate at a distribution provided trust anchor and contain |
628 # RSA keys that are less than or equal to 1024 bits, add the following |
643 # RSA keys that are less than or equal to 1024 bits, add the following |