jdk/src/java.base/share/conf/security/java.security
changeset 31689 1201792aa3a3
parent 31270 e6470b24700d
child 31712 e4d5230193da
31688:42c9b194a469 31689:1201792aa3a3
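--- a/jdk/src/java.base/share/conf/security/java.security
+++ b/jdk/src/java.base/share/conf/security/java.security
@@ -540,5 +540,62 @@
 # It is not guaranteed to be examined and used by other implementations.
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
 jdk.tls.disabledAlgorithms=SSLv3, RC4
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications.  Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+#   LegacyAlgorithms:
+#       " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+#   LegacyAlgorithm:
+#       AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+#       SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+#       TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+#     1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+#     2. JSSE key exchange algorithm name, e.g., RSA
+#     3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+#     4. JSSE message digest algorithm name, e.g., SHA-1
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+#   jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+        K_NULL, C_NULL, M_NULL, \
+        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+        DH_RSA_EXPORT, RSA_EXPORT, \
+        DH_anon, ECDH_anon, \
+        RC4_128, RC4_40, DES_CBC, DES40_CBC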
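Review bot: The new comment block for jdk.tls.legacyAlgorithms never says how the property relates to jdk.tls.disabledAlgorithms directly above it, and an operator needs that, because by its own wording a legacy algorithm is only deprioritized ("will not be negotiated unless there are no other candidates") and so can still be selected when a peer offers nothing else. RC4 appears in both defaults (`RC4` in the disabled list, `RC4_128, RC4_40` in the legacy list), so I would add a line such as `# Algorithms that must never be negotiated belong in jdk.tls.disabledAlgorithms; this property only lowers their preference.` and state which property wins when a name is in both. The syntax paragraph still says "disabled algorithm string", apparently carried over from the section above, and should read `# The syntax of the legacy algorithm string is described as this Java`. The default value also uses `K_NULL`, `C_NULL` and `M_NULL`, which do not obviously match any of the four name kinds the comment enumerates, so a short line explaining what they select would help anyone auditing or editing the list.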