diff options
author | Arnstein Ressem <aressem@yahooinc.com> | 2022-04-08 14:23:35 +0200 |
---|---|---|
committer | Arnstein Ressem <aressem@yahooinc.com> | 2022-04-08 14:23:35 +0200 |
commit | 2e20bead9f53bc18d0946d77a0715b0ad2cfc28d (patch) | |
tree | 5f1c5465a7aec923beeafcba39769fd76cdbb501 /vespabase | |
parent | 13ea650dc641f7aad7923bf3dc6377e1884c9063 (diff) |
Add recommended java.security options.
Diffstat (limited to 'vespabase')
-rw-r--r-- | vespabase/conf/java.security.override | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/vespabase/conf/java.security.override b/vespabase/conf/java.security.override new file mode 100644 index 00000000000..5acbb15303b --- /dev/null +++ b/vespabase/conf/java.security.override @@ -0,0 +1,22 @@ +securerandom.source=file:/dev/urandom +networkaddress.cache.ttl=5 +networkaddress.cache.negative.ttl=5 +jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ + DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ + DES40_CBC, RC4_40, 3DES_EDE_CBC, \ + TLS_RSA_WITH_3DES_EDE_CBC_SHA, \ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, \ + RSA_WITH_3DES_EDE_CBC_SHA, \ + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \ + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +jdk.tls.legacyAlgorithms= \ + K_NULL, C_NULL, M_NULL, \ + DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ + DH_RSA_EXPORT, RSA_EXPORT, \ + DH_anon, ECDH_anon, \ + RC4_128, RC4_40, DES_CBC, DES40_CBC, \ + 3DES_EDE_CBC |