Mercurial > hg > openjdk > jdk8u > jdk
changeset 12145:a2c2fbc61674 jdk8u121-b07
8167591: Add MD5 to signed JAR restrictions
Reviewed-by: mullan, jnimeh
author | asaha |
---|---|
date | Tue, 25 Oct 2016 11:52:39 -0700 |
parents | 8a6bb113ff3a |
children | b48b432f2acd |
files | src/share/lib/security/java.security-aix src/share/lib/security/java.security-linux src/share/lib/security/java.security-macosx src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows |
diffstat | 5 files changed, 185 insertions(+), 185 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/lib/security/java.security-aix Mon Oct 24 12:28:25 2016 -0700 +++ b/src/share/lib/security/java.security-aix Tue Oct 25 11:52:39 2016 -0700 @@ -520,6 +520,43 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing # @@ -711,43 +748,6 @@ noDuplicateIds,\ noRetrievalMethodLoops -# Algorithm restrictions for signed JAR files -# -# In some environments, certain algorithms or key lengths may be undesirable -# for signed JAR validation. For example, "MD2" is generally no longer -# considered to be a secure hash algorithm. This section describes the -# mechanism for disabling algorithms based on algorithm name and/or key length. -# JARs signed with any of the disabled algorithms or key sizes will be treated -# as unsigned. -# -# The syntax of the disabled algorithm string is described as follows: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator KeyLength -# -# Operator: -# <= | < | == | != | >= | > -# -# KeyLength: -# Integer value of the algorithm's key length in bits -# -# Note: This property is currently used by the JDK Reference -# implementation. It is not guaranteed to be examined and used by other -# implementations. -# -jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 - # # Serialization process-wide filter #
--- a/src/share/lib/security/java.security-linux Mon Oct 24 12:28:25 2016 -0700 +++ b/src/share/lib/security/java.security-linux Tue Oct 25 11:52:39 2016 -0700 @@ -520,6 +520,43 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing # @@ -711,43 +748,6 @@ noDuplicateIds,\ noRetrievalMethodLoops -# Algorithm restrictions for signed JAR files -# -# In some environments, certain algorithms or key lengths may be undesirable -# for signed JAR validation. For example, "MD2" is generally no longer -# considered to be a secure hash algorithm. This section describes the -# mechanism for disabling algorithms based on algorithm name and/or key length. -# JARs signed with any of the disabled algorithms or key sizes will be treated -# as unsigned. -# -# The syntax of the disabled algorithm string is described as follows: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator KeyLength -# -# Operator: -# <= | < | == | != | >= | > -# -# KeyLength: -# Integer value of the algorithm's key length in bits -# -# Note: This property is currently used by the JDK Reference -# implementation. It is not guaranteed to be examined and used by other -# implementations. -# -jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 - # # Serialization process-wide filter #
--- a/src/share/lib/security/java.security-macosx Mon Oct 24 12:28:25 2016 -0700 +++ b/src/share/lib/security/java.security-macosx Tue Oct 25 11:52:39 2016 -0700 @@ -523,6 +523,43 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing # @@ -714,43 +751,6 @@ noDuplicateIds,\ noRetrievalMethodLoops -# Algorithm restrictions for signed JAR files -# -# In some environments, certain algorithms or key lengths may be undesirable -# for signed JAR validation. For example, "MD2" is generally no longer -# considered to be a secure hash algorithm. This section describes the -# mechanism for disabling algorithms based on algorithm name and/or key length. -# JARs signed with any of the disabled algorithms or key sizes will be treated -# as unsigned. -# -# The syntax of the disabled algorithm string is described as follows: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator KeyLength -# -# Operator: -# <= | < | == | != | >= | > -# -# KeyLength: -# Integer value of the algorithm's key length in bits -# -# Note: This property is currently used by the JDK Reference -# implementation. It is not guaranteed to be examined and used by other -# implementations. -# -jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 - # # Serialization process-wide filter #
--- a/src/share/lib/security/java.security-solaris Mon Oct 24 12:28:25 2016 -0700 +++ b/src/share/lib/security/java.security-solaris Tue Oct 25 11:52:39 2016 -0700 @@ -522,6 +522,43 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing # @@ -713,43 +750,6 @@ noDuplicateIds,\ noRetrievalMethodLoops -# Algorithm restrictions for signed JAR files -# -# In some environments, certain algorithms or key lengths may be undesirable -# for signed JAR validation. For example, "MD2" is generally no longer -# considered to be a secure hash algorithm. This section describes the -# mechanism for disabling algorithms based on algorithm name and/or key length. -# JARs signed with any of the disabled algorithms or key sizes will be treated -# as unsigned. -# -# The syntax of the disabled algorithm string is described as follows: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator KeyLength -# -# Operator: -# <= | < | == | != | >= | > -# -# KeyLength: -# Integer value of the algorithm's key length in bits -# -# Note: This property is currently used by the JDK Reference -# implementation. It is not guaranteed to be examined and used by other -# implementations. -# -jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 - # # Serialization process-wide filter #
--- a/src/share/lib/security/java.security-windows Mon Oct 24 12:28:25 2016 -0700 +++ b/src/share/lib/security/java.security-windows Tue Oct 25 11:52:39 2016 -0700 @@ -523,6 +523,43 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 +# Algorithm restrictions for signed JAR files +# +# In some environments, certain algorithms or key lengths may be undesirable +# for signed JAR validation. For example, "MD2" is generally no longer +# considered to be a secure hash algorithm. This section describes the +# mechanism for disabling algorithms based on algorithm name and/or key length. +# JARs signed with any of the disabled algorithms or key sizes will be treated +# as unsigned. +# +# The syntax of the disabled algorithm string is described as follows: +# DisabledAlgorithms: +# " DisabledAlgorithm { , DisabledAlgorithm } " +# +# DisabledAlgorithm: +# AlgorithmName [Constraint] +# +# AlgorithmName: +# (see below) +# +# Constraint: +# KeySizeConstraint +# +# KeySizeConstraint: +# keySize Operator KeyLength +# +# Operator: +# <= | < | == | != | >= | > +# +# KeyLength: +# Integer value of the algorithm's key length in bits +# +# Note: This property is currently used by the JDK Reference +# implementation. It is not guaranteed to be examined and used by other +# implementations. +# +jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 + # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS) processing # @@ -714,43 +751,6 @@ noDuplicateIds,\ noRetrievalMethodLoops -# Algorithm restrictions for signed JAR files -# -# In some environments, certain algorithms or key lengths may be undesirable -# for signed JAR validation. For example, "MD2" is generally no longer -# considered to be a secure hash algorithm. This section describes the -# mechanism for disabling algorithms based on algorithm name and/or key length. -# JARs signed with any of the disabled algorithms or key sizes will be treated -# as unsigned. -# -# The syntax of the disabled algorithm string is described as follows: -# DisabledAlgorithms: -# " DisabledAlgorithm { , DisabledAlgorithm } " -# -# DisabledAlgorithm: -# AlgorithmName [Constraint] -# -# AlgorithmName: -# (see below) -# -# Constraint: -# KeySizeConstraint -# -# KeySizeConstraint: -# keySize Operator KeyLength -# -# Operator: -# <= | < | == | != | >= | > -# -# KeyLength: -# Integer value of the algorithm's key length in bits -# -# Note: This property is currently used by the JDK Reference -# implementation. It is not guaranteed to be examined and used by other -# implementations. -# -jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024 - # # Serialization process-wide filter #