OpenJDK / jdk-updates / jdk12u
changeset 41589:e638cce63968
8167591: Add MD5 to signed JAR restrictions
Reviewed-by: mullan, jnimeh
author | ascarpino |
---|---|
date | Wed, 19 Oct 2016 10:49:52 -0700 |
parents | 6e66ad59f99a |
children | 1c5b1891b8e0 |
files | jdk/src/java.base/share/conf/security/java.security |
diffstat | 1 files changed, 38 insertions(+), 38 deletions(-) [+] |
--- a/jdk/src/java.base/share/conf/security/java.security Wed Oct 19 12:42:34 2016 +0200
+++ b/jdk/src/java.base/share/conf/security/java.security Wed Oct 19 10:49:52 2016 -0700
@@ -655,6 +655,44 @@
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
 RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
 
+# Algorithm restrictions for signed JAR files
+#
+# In some environments, certain algorithms or key lengths may be undesirable
+# for signed JAR validation. For example, "MD2" is generally no longer
+# considered to be a secure hash algorithm. This section describes the
+# mechanism for disabling algorithms based on algorithm name and/or key length.
+# JARs signed with any of the disabled algorithms or key sizes will be treated
+# as unsigned.
+#
+# The syntax of the disabled algorithm string is described as follows:
+# DisabledAlgorithms:
+# " DisabledAlgorithm { , DisabledAlgorithm } "
+#
+# DisabledAlgorithm:
+# AlgorithmName [Constraint]
+#
+# AlgorithmName:
+# (see below)
+#
+# Constraint:
+# KeySizeConstraint
+#
+# KeySizeConstraint:
+# keySize Operator KeyLength
+#
+# Operator:
+# <= | < | == | != | >= | >
+#
+# KeyLength:
+# Integer value of the algorithm's key length in bits
+#
+# Note: This property is currently used by the JDK Reference
+# implementation. It is not guaranteed to be examined and used by other
+# implementations.
+#
+jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
+ DSA keySize < 1024
+
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security
 # (SSL/TLS/DTLS) processing
 #
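Review bot: The new `jdk.jar.disabledAlgorithms` value at the end of the added block restricts RSA and DSA keys below 1024 bits but has no EC entry, while the `jdk.certpath.disabledAlgorithms` context line just above it includes `EC keySize < 224`. If that gap is not intentional, the continuation line could read `DSA keySize < 1024, EC keySize < 224`; if it is intentional, a one-line comment giving the reason would keep the two properties from drifting apart unnoticed. The comment block also still cites only "MD2" as its example and says `AlgorithmName: (see below)`, yet nothing in the added block lists the names. A line such as `# MD5 is disabled as well; JARs signed with it are treated as unsigned.` would tell administrators what this change means for existing signed JARs.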
@@ -936,41 +974,3 @@
 #
 #jdk.serialFilter=pattern;pattern
 
-# Algorithm restrictions for signed JAR files
-#
-# In some environments, certain algorithms or key lengths may be undesirable
-# for signed JAR validation. For example, "MD2" is generally no longer
-# considered to be a secure hash algorithm. This section describes the
-# mechanism for disabling algorithms based on algorithm name and/or key length.
-# JARs signed with any of the disabled algorithms or key sizes will be treated
-# as unsigned.
-#
-# The syntax of the disabled algorithm string is described as follows:
-# DisabledAlgorithms:
-# " DisabledAlgorithm { , DisabledAlgorithm } "
-#
-# DisabledAlgorithm:
-# AlgorithmName [Constraint]
-#
-# AlgorithmName:
-# (see below)
-#
-# Constraint:
-# KeySizeConstraint
-#
-# KeySizeConstraint:
-# keySize Operator KeyLength
-#
-# Operator:
-# <= | < | == | != | >= | >
-#
-# KeyLength:
-# Integer value of the algorithm's key length in bits
-#
-# Note: This property is currently used by the JDK Reference
-# implementation. It is not guaranteed to be examined and used by other
-# implementations.
-#
-jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, \
- DSA keySize < 1024
-