Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.base/share/conf/security/java.security
changeset 28555 c7bf34f7b215
parent 28243 47080f9ae750
child 29902 dc24eacaae11 
--- a/jdk/src/java.base/share/conf/security/java.security	Thu Oct 23 07:07:16 2014 +0800
+++ b/jdk/src/java.base/share/conf/security/java.security	Mon Nov 03 08:30:18 2014 +0000
@@ -512,8 +512,12 @@
 #
 # In some environments, certain algorithms or key lengths may be undesirable
 # when using SSL/TLS.  This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
 #
 # For PKI-based peer authentication and key exchange mechanisms, this list
 # of disabled algorithms will also be checked during certification path
@@ -528,4 +532,5 @@
 # It is not guaranteed to be examined and used by other implementations.
 #
 # Example:
-#   jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+#   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
jdk-sandbox