1+ # Licensed to the Apache Software Foundation (ASF) under one or more
2+ # contributor license agreements. See the NOTICE file distributed with
3+ # this work for additional information regarding copyright ownership.
4+ # The ASF licenses this file to You under the Apache License, Version 2.0
5+ # (the "License"); you may not use this file except in compliance with
6+ # the License. You may obtain a copy of the License at
7+ #
8+ # http://www.apache.org/licenses/LICENSE-2.0
9+ #
10+ # Unless required by applicable law or agreed to in writing, software
11+ # distributed under the License is distributed on an "AS IS" BASIS,
12+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+ # See the License for the specific language governing permissions and
14+ # limitations under the License.
15+
16+ # Java 21 java.security properties file override for JVM
17+ # base properties derived from:
18+ # openjdk version "21-ea" 2023-09-19
19+ # OpenJDK Runtime Environment (build 21-ea+23-1988)
20+ # OpenJDK 64-Bit Server VM (build 21-ea+23-1988, mixed mode, sharing)
21+
22+ # Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
23+ # legacy algorithms list to allow it to be used if something better is not
24+ # available (e.g. TLSv1.2). This will prevent breakages for existing users
25+ # (for example JDBC with MySQL). See
26+ # https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
27+ # for additional details.
28+ jdk.tls.disabledAlgorithms =SSLv3, DTLSv1.0, RC4, DES, \
29+ MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
30+ ECDH
31+
32+ # The raw value from 21-ea for legacyAlgorithms is
33+ # NULL, anon, RC4, DES, 3DES_EDE_CBC
34+ # Because these values are in disabledAlgorithms, it is erroneous to include
35+ # them in legacy (they are disabled in Java 8, 11, and 17 as well). Here we
36+ # only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
37+ jdk.tls.legacyAlgorithms =TLSv1, TLSv1.1
38+
39+ # /dev/random blocks in virtualized environments due to lack of
40+ # good entropy sources, which makes SecureRandom use impractical.
41+ # In particular, that affects the performance of HTTPS that relies
42+ # on SecureRandom.
43+ #
44+ # Due to that, /dev/urandom is used as the default.
45+ #
46+ # See http://www.2uo.de/myths-about-urandom/ for some background
47+ # on security of /dev/urandom on Linux.
48+ securerandom.source =file:/dev/./urandom
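Review bot: The `jdk.tls.disabledAlgorithms` override re-enables TLSv1 and TLSv1.1 for every TLS endpoint in the JVM, and the comment's claim that listing them in `jdk.tls.legacyAlgorithms` limits them to a last resort should be verified. As far as the JSSE documentation describes that property, it deprioritises algorithms during cipher-suite selection, so protocol names there may have no effect and a peer offering only TLSv1 would simply be accepted. The disabled list is also a frozen copy of the 21-ea defaults, so anything later JDK updates add to the default list will not apply while this file is in force. I would say so in the header comment, e.g. `# NOTE: re-enables TLSv1/TLSv1.1 JVM-wide; snapshot of 21-ea defaults, re-sync on JDK upgrades.`, and have deployments without legacy peers put `TLSv1, TLSv1.1` back in the disabled list. The file header is not visible on this page, so it is unclear from here which JVMs load this override.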