718 # syntax of the disabled algorithm string. |
718 # syntax of the disabled algorithm string. |
719 # |
719 # |
720 # Note: The algorithm restrictions do not apply to trust anchors or |
720 # Note: The algorithm restrictions do not apply to trust anchors or |
721 # self-signed certificates. |
721 # self-signed certificates. |
722 # |
722 # |
723 # Note: This property is currently used by Oracle's JSSE implementation. |
723 # Note: This property is currently used by the JDK Reference implementation. |
724 # It is not guaranteed to be examined and used by other implementations. |
724 # It is not guaranteed to be examined and used by other implementations. |
725 # |
725 # |
726 # Example: |
726 # Example: |
727 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 |
727 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 |
728 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ |
728 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \ |
738 # in practice. |
738 # in practice. |
739 # |
739 # |
740 # During SSL/TLS security parameters negotiation, legacy algorithms will |
740 # During SSL/TLS security parameters negotiation, legacy algorithms will |
741 # not be negotiated unless there are no other candidates. |
741 # not be negotiated unless there are no other candidates. |
742 # |
742 # |
743 # The syntax of the disabled algorithm string is described as this Java |
743 # The syntax of the legacy algorithms string is described as this Java |
744 # BNF-style: |
744 # BNF-style: |
745 # LegacyAlgorithms: |
745 # LegacyAlgorithms: |
746 # " LegacyAlgorithm { , LegacyAlgorithm } " |
746 # " LegacyAlgorithm { , LegacyAlgorithm } " |
747 # |
747 # |
748 # LegacyAlgorithm: |
748 # LegacyAlgorithm: |
774 # jdk.tls.disabledAlgorithms property or the |
774 # jdk.tls.disabledAlgorithms property or the |
775 # java.security.AlgorithmConstraints API (See |
775 # java.security.AlgorithmConstraints API (See |
776 # javax.net.ssl.SSLParameters.setAlgorithmConstraints()), |
776 # javax.net.ssl.SSLParameters.setAlgorithmConstraints()), |
777 # then the algorithm is completely disabled and will not be negotiated. |
777 # then the algorithm is completely disabled and will not be negotiated. |
778 # |
778 # |
779 # Note: This property is currently used by Oracle's JSSE implementation. |
779 # Note: This property is currently used by the JDK Reference implementation. |
780 # It is not guaranteed to be examined and used by other implementations. |
780 # It is not guaranteed to be examined and used by other implementations. |
781 # There is no guarantee the property will continue to exist or be of the |
781 # There is no guarantee the property will continue to exist or be of the |
782 # same syntax in future releases. |
782 # same syntax in future releases. |
783 # |
783 # |
784 # Example: |
784 # Example: |
787 jdk.tls.legacyAlgorithms= \ |
787 jdk.tls.legacyAlgorithms= \ |
788 K_NULL, C_NULL, M_NULL, \ |
788 K_NULL, C_NULL, M_NULL, \ |
789 DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ |
789 DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ |
790 DH_RSA_EXPORT, RSA_EXPORT, \ |
790 DH_RSA_EXPORT, RSA_EXPORT, \ |
791 DH_anon, ECDH_anon, \ |
791 DH_anon, ECDH_anon, \ |
792 RC4_128, RC4_40, DES_CBC, DES40_CBC |
792 RC4_128, RC4_40, DES_CBC, DES40_CBC, \ |
|
793 3DES_EDE_CBC |
793 |
794 |
794 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE) |
795 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE) |
795 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing. |
796 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing. |
796 # |
797 # |
797 # In traditional SSL/TLS/DTLS connections where finite field DHE parameters |
798 # In traditional SSL/TLS/DTLS connections where finite field DHE parameters |