jdk/src/java.base/share/conf/security/java.security
changeset 45992 38bdf44057b9
parent 44249 0462723a58ef
child 46160 c647e44ea1b9
45991:c308fa07c6f2 45992:38bdf44057b9
   543 #
   543 #
   544 #   CAConstraint:
   544 #   CAConstraint:
   545 #     jdkCA
   545 #     jdkCA
   546 #       This constraint prohibits the specified algorithm only if the
   546 #       This constraint prohibits the specified algorithm only if the
   547 #       algorithm is used in a certificate chain that terminates at a marked
   547 #       algorithm is used in a certificate chain that terminates at a marked
   548 #       trust anchor in the lib/security/cacerts keystore.  If the jdkCA
   548 #       trust anchor in the lib/security/cacerts keystore.  If the jdkCA
   549 #       constraint is not set, then all chains using the specified algorithm
   549 #       constraint is not set, then all chains using the specified algorithm
   550 #       are restricted.  jdkCA may only be used once in a DisabledAlgorithm
   550 #       are restricted.  jdkCA may only be used once in a DisabledAlgorithm
   551 #       expression.
   551 #       expression.
   552 #       Example:  To apply this constraint to SHA-1 certificates, include
   552 #       Example:  To apply this constraint to SHA-1 certificates, include
   553 #       the following:  "SHA1 jdkCA"
   553 #       the following:  "SHA1 jdkCA"
   554 #
   554 #
   555 #   DenyAfterConstraint:
   555 #   DenyAfterConstraint:
   556 #     denyAfter YYYY-MM-DD
   556 #     denyAfter YYYY-MM-DD
   557 #       This constraint prohibits a certificate with the specified algorithm
   557 #       This constraint prohibits a certificate with the specified algorithm
   558 #       from being used after the date regardless of the certificate's
   558 #       from being used after the date regardless of the certificate's
   559 #       validity.  JAR files that are signed and timestamped before the
   559 #       validity.  JAR files that are signed and timestamped before the
   560 #       constraint date with certificates containing the disabled algorithm
   560 #       constraint date with certificates containing the disabled algorithm
   561 #       will not be restricted.  The date is processed in the UTC timezone.
   561 #       will not be restricted.  The date is processed in the UTC timezone.
   562 #       This constraint can only be used once in a DisabledAlgorithm
   562 #       This constraint can only be used once in a DisabledAlgorithm
   563 #       expression.
   563 #       expression.
   564 #       Example:  To deny usage of RSA 2048 bit certificates after Feb 3 2020,
   564 #       Example:  To deny usage of RSA 2048 bit certificates after Feb 3 2020,
   565 #       use the following:  "RSA keySize == 2048 & denyAfter 2020-02-03"
   565 #       use the following:  "RSA keySize == 2048 & denyAfter 2020-02-03"
   566 #
   566 #
   567 #   UsageConstraint:
   567 #   UsageConstraint:
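Review bot: The DenyAfterConstraint comment (file lines 557-561) does not say whether the named date itself is still permitted. "from being used after the date" together with "The date is processed in the UTC timezone" can be read as a cutoff at the start of 2020-02-03 UTC or at the end of it. Suggest stating the exact instant at which the restriction begins, since an administrator planning a certificate rollover around the example "RSA keySize == 2048 & denyAfter 2020-02-03" could be off by a day. The same comment says signed and timestamped JARs dated before the constraint date are not restricted, but leaves out what happens to a signed JAR that carries no timestamp; a sentence covering that case would help.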