Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.base/share/conf/security/java.security
changeset 47031 78fb24b5f758
parent 46160 c647e44ea1b9 
--- a/jdk/src/java.base/share/conf/security/java.security	Thu Aug 31 08:35:16 2017 -0700
+++ b/jdk/src/java.base/share/conf/security/java.security	Thu Aug 31 12:48:19 2017 -0700
@@ -678,6 +678,7 @@
 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
     EC keySize < 224
 
+#
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
 #
@@ -742,6 +743,7 @@
         RC4_128, RC4_40, DES_CBC, DES40_CBC, \
         3DES_EDE_CBC
 
+#
 # The pre-defined default finite field Diffie-Hellman ephemeral (DHE)
 # parameters for Transport Layer Security (SSL/TLS/DTLS) processing.
 #
@@ -799,54 +801,38 @@
 #       EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \
 #       FFFFFFFF FFFFFFFF, 2}
 
+#
 # Cryptographic Jurisdiction Policy defaults
 #
-# Due to the import control restrictions of some countries, the default
-# JCE policy files allow for strong but "limited" cryptographic key
-# lengths to be used.  If your country's cryptographic regulations allow,
-# the "unlimited" strength policy files can be used instead, which contain
-# no restrictions on cryptographic strengths.
+# Import and export control rules on cryptographic software vary from
+# country to country.  By default, Java provides two different sets of
+# cryptographic policy files[1]:
+#
+#     unlimited:  These policy files contain no restrictions on cryptographic
+#                 strengths or algorithms
+#
+#     limited:    These policy files contain more restricted cryptographic
+#                 strengths
 #
-# If your country has restrictions that don't fit either "limited" or
-# "unlimited", an appropriate set of policy files should be created and
-# configured before using this distribution.  The jurisdiction policy file
-# configuration must reflect the cryptographic restrictions appropriate
-# for your country.
+# The default setting is determined by the value of the “crypto.policy”
+# Security property below. If your country or usage requires the
+# traditional restrictive policy, the “limited” Java cryptographic
+# policy is still available and may be appropriate for your environment.
+#
+# If you have restrictions that do not fit either use case mentioned
+# above, Java provides the capability to customize these policy files.
+# The “crypto.policy” security property points to a subdirectory
+# within <java-home>/conf/security/policy/ which can be customized.
+# Please see the <java-home>/conf/security/policy/README.txt file or consult
+# the Java Security Guide/JCA documentation for more information.
 #
 # YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
 # TO DETERMINE THE EXACT REQUIREMENTS.
 #
-# The policy files are flat text files organized into subdirectories of
-# <java-home>/conf/security/policy.  Each directory contains a complete
-# set of policy files.
-#
-# The "crypto.policy" Security property controls the directory selection,
-# and thus the effective cryptographic policy.
-#
-# The default set of directories is:
-#
-#     limited | unlimited
-#
-# however other directories can be created and configured.
-#
-# Within a directory, the effective policy is the combined minimum
-# permissions of the grant statements in the file(s) with the filename
-# pattern "default_*.policy".  At least one grant is required.  For
-# example:
-#
-#     limited   =  Export (all) + Import (limited)  =  Limited
-#     unlimited =  Export (all) + Import (all)      =  Unlimited
-#
-# The effective exemption policy is the combined minimum permissions
-# of the grant statements in the file(s) with the filename pattern
-# "exempt_*.policy".  Exemption grants are optional.
-#
-#     limited   =  grants exemption permissions, by which the
-#                  effective policy can be circumvented.
-#                  e.g.  KeyRecovery/Escrow/Weakening.
-#
-# Please see the JCA documentation for additional information on these
-# files and formats.
+# [1] Please note that the JCE for Java SE, including the JCE framework,
+# cryptographic policy files, and standard JCE providers provided with
+# the Java SE, have been reviewed and approved for export as mass market
+# encryption item by the US Bureau of Industry and Security.
 #
 # Note: This property is currently used by the JDK Reference implementation.
 # It is not guaranteed to be examined and used by other implementations.
jdk-sandbox