676 # Example: |
676 # Example: |
677 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 |
677 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 |
678 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ |
678 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ |
679 EC keySize < 224 |
679 EC keySize < 224 |
680 |
680 |
|
681 # |
681 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) |
682 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) |
682 # processing in JSSE implementation. |
683 # processing in JSSE implementation. |
683 # |
684 # |
684 # In some environments, a certain algorithm may be undesirable but it |
685 # In some environments, a certain algorithm may be undesirable but it |
685 # cannot be disabled because of its use in legacy applications. Legacy |
686 # cannot be disabled because of its use in legacy applications. Legacy |
740 DH_RSA_EXPORT, RSA_EXPORT, \ |
741 DH_RSA_EXPORT, RSA_EXPORT, \ |
741 DH_anon, ECDH_anon, \ |
742 DH_anon, ECDH_anon, \ |
742 RC4_128, RC4_40, DES_CBC, DES40_CBC, \ |
743 RC4_128, RC4_40, DES_CBC, DES40_CBC, \ |
743 3DES_EDE_CBC |
744 3DES_EDE_CBC |
744 |
745 |
|
746 # |
745 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE) |
747 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE) |
746 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing. |
748 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing. |
747 # |
749 # |
748 # In traditional SSL/TLS/DTLS connections where finite field DHE parameters |
750 # In traditional SSL/TLS/DTLS connections where finite field DHE parameters |
749 # negotiation mechanism is not used, the server offers the client group |
751 # negotiation mechanism is not used, the server offers the client group |
797 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ |
799 # EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \ |
798 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
800 # E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \ |
799 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
801 # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ |
800 # FFFFFFFF FFFFFFFF, 2} |
802 # FFFFFFFF FFFFFFFF, 2} |
801 |
803 |
|
804 # |
802 # Cryptographic Jurisdiction Policy defaults |
805 # Cryptographic Jurisdiction Policy defaults |
803 # |
806 # |
804 # Due to the import control restrictions of some countries, the default |
807 # Import and export control rules on cryptographic software vary from |
805 # JCE policy files allow for strong but "limited" cryptographic key |
808 # country to country. By default, Java provides two different sets of |
806 # lengths to be used. If your country's cryptographic regulations allow, |
809 # cryptographic policy files[1]: |
807 # the "unlimited" strength policy files can be used instead, which contain |
810 # |
808 # no restrictions on cryptographic strengths. |
811 # unlimited: These policy files contain no restrictions on cryptographic |
809 # |
812 # strengths or algorithms |
810 # If your country has restrictions that don't fit either "limited" or |
813 # |
811 # "unlimited", an appropriate set of policy files should be created and |
814 # limited: These policy files contain more restricted cryptographic |
812 # configured before using this distribution. The jurisdiction policy file |
815 # strengths |
813 # configuration must reflect the cryptographic restrictions appropriate |
816 # |
814 # for your country. |
817 # The default setting is determined by the value of the “crypto.policy” |
|
818 # Security property below. If your country or usage requires the |
|
819 # traditional restrictive policy, the “limited” Java cryptographic |
|
820 # policy is still available and may be appropriate for your environment. |
|
821 # |
|
822 # If you have restrictions that do not fit either use case mentioned |
|
823 # above, Java provides the capability to customize these policy files. |
|
824 # The “crypto.policy” security property points to a subdirectory |
|
825 # within <java-home>/conf/security/policy/ which can be customized. |
|
826 # Please see the <java-home>/conf/security/policy/README.txt file or consult |
|
827 # the Java Security Guide/JCA documentation for more information. |
815 # |
828 # |
816 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
829 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
817 # TO DETERMINE THE EXACT REQUIREMENTS. |
830 # TO DETERMINE THE EXACT REQUIREMENTS. |
818 # |
831 # |
819 # The policy files are flat text files organized into subdirectories of |
832 # [1] Please note that the JCE for Java SE, including the JCE framework, |
820 # <java-home>/conf/security/policy. Each directory contains a complete |
833 # cryptographic policy files, and standard JCE providers provided with |
821 # set of policy files. |
834 # the Java SE, have been reviewed and approved for export as mass market |
822 # |
835 # encryption item by the US Bureau of Industry and Security. |
823 # The "crypto.policy" Security property controls the directory selection, |
|
824 # and thus the effective cryptographic policy. |
|
825 # |
|
826 # The default set of directories is: |
|
827 # |
|
828 # limited | unlimited |
|
829 # |
|
830 # however other directories can be created and configured. |
|
831 # |
|
832 # Within a directory, the effective policy is the combined minimum |
|
833 # permissions of the grant statements in the file(s) with the filename |
|
834 # pattern "default_*.policy". At least one grant is required. For |
|
835 # example: |
|
836 # |
|
837 # limited = Export (all) + Import (limited) = Limited |
|
838 # unlimited = Export (all) + Import (all) = Unlimited |
|
839 # |
|
840 # The effective exemption policy is the combined minimum permissions |
|
841 # of the grant statements in the file(s) with the filename pattern |
|
842 # "exempt_*.policy". Exemption grants are optional. |
|
843 # |
|
844 # limited = grants exemption permissions, by which the |
|
845 # effective policy can be circumvented. |
|
846 # e.g. KeyRecovery/Escrow/Weakening. |
|
847 # |
|
848 # Please see the JCA documentation for additional information on these |
|
849 # files and formats. |
|
850 # |
836 # |
851 # Note: This property is currently used by the JDK Reference implementation. |
837 # Note: This property is currently used by the JDK Reference implementation. |
852 # It is not guaranteed to be examined and used by other implementations. |
838 # It is not guaranteed to be examined and used by other implementations. |
853 # |
839 # |
854 crypto.policy=crypto.policydir-tbd |
840 crypto.policy=crypto.policydir-tbd |
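Review bot: The rewritten comment at right-hand lines 817, 819 and 824 quotes the property name and value with typographic quotes (“crypto.policy”, “limited”), while the text it replaces at left-hand line 823 and the surrounding file use plain ASCII quotes. Non-ASCII bytes in this configuration file invite encoding problems, so please write these as "crypto.policy" and "limited". Separately, the rewrite drops the left-hand lines 832 to 846, which explained that the effective policy is the combined minimum of the grants in "default_*.policy", that "exempt_*.policy" grants are optional, and that the limited set grants exemption permissions by which the effective policy can be circumvented. The new text only points to <java-home>/conf/security/policy/README.txt. Consider keeping a one-line summary of the two filename patterns here. Also state next to the property which directory names are valid: the checked-in value is the placeholder crypto.policydir-tbd, and the new wording only says the default is "determined by the value" of the property, without saying what that value will be.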