798 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
798 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
799 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
799 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
800 # FFFFFFFF FFFFFFFF, 2} |
800 # FFFFFFFF FFFFFFFF, 2} |
801 |
801 |
802 # |
802 # |
|
803 # TLS key limits on symmetric cryptographic algorithms |
|
804 # |
|
805 # This security property sets limits on algorithms key usage in TLS 1.3. |
|
806 # When the amount of data encrypted exceeds the algorithm value listed below, |
|
807 # a KeyUpdate message will trigger a key change. This is for symmetric ciphers |
|
808 # with TLS 1.3 only. |
|
809 # |
|
810 # The syntax for the property is described below: |
|
811 # KeyLimits: |
|
812 # " KeyLimit { , KeyLimit } " |
|
813 # |
|
814 # WeakKeyLimit: |
|
815 # AlgorithmName Action Length |
|
816 # |
|
817 # AlgorithmName: |
|
818 # A full algorithm transformation. |
|
819 # |
|
820 # Action: |
|
821 # KeyUpdate |
|
822 # |
|
823 # Length: |
|
824 # The amount of encrypted data in a session before the Action occurs |
|
825 # This value may be an integer value in bytes, or as a power of two, 2^29. |
|
826 # |
|
827 # KeyUpdate: |
|
828 # The TLS 1.3 KeyUpdate handshake process begins when the Length amount |
|
829 # is fulfilled. |
|
830 # |
|
831 # Note: This property is currently used by OpenJDK's JSSE implementation. It |
|
832 # is not guaranteed to be examined and used by other implementations. |
|
833 # |
|
834 jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37 |
|
835 |
|
836 # |
803 # Cryptographic Jurisdiction Policy defaults |
837 # Cryptographic Jurisdiction Policy defaults |
804 # |
838 # |
805 # Import and export control rules on cryptographic software vary from |
839 # Import and export control rules on cryptographic software vary from |
806 # country to country. By default, Java provides two different sets of |
840 # country to country. By default, Java provides two different sets of |
807 # cryptographic policy files[1]: |
841 # cryptographic policy files[1]: |