diff -r 92cbbfc996f3 -r 56aaa6cb3693 src/java.base/share/conf/security/java.security --- a/src/java.base/share/conf/security/java.security Fri May 11 14:55:56 2018 -0700 +++ b/src/java.base/share/conf/security/java.security Fri May 11 15:53:12 2018 -0700 @@ -800,6 +800,40 @@ # FFFFFFFF FFFFFFFF, 2} # +# TLS key limits on symmetric cryptographic algorithms +# +# This security property sets limits on algorithms key usage in TLS 1.3. +# When the amount of data encrypted exceeds the algorithm value listed below, +# a KeyUpdate message will trigger a key change. This is for symmetric ciphers +# with TLS 1.3 only. +# +# The syntax for the property is described below: +# KeyLimits: +# " KeyLimit { , KeyLimit } " +# +# WeakKeyLimit: +# AlgorithmName Action Length +# +# AlgorithmName: +# A full algorithm transformation. +# +# Action: +# KeyUpdate +# +# Length: +# The amount of encrypted data in a session before the Action occurs +# This value may be an integer value in bytes, or as a power of two, 2^29. +# +# KeyUpdate: +# The TLS 1.3 KeyUpdate handshake process begins when the Length amount +# is fulfilled. +# +# Note: This property is currently used by OpenJDK's JSSE implementation. It +# is not guaranteed to be examined and used by other implementations. +# +jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37 + +# # Cryptographic Jurisdiction Policy defaults # # Import and export control rules on cryptographic software vary from