Add recommended java.security options.

author: Arnstein Ressem <aressem@yahooinc.com> 2022-04-08 14:23:35 +0200
committer: Arnstein Ressem <aressem@yahooinc.com> 2022-04-08 14:23:35 +0200
commit: 2e20bead9f53bc18d0946d77a0715b0ad2cfc28d (patch)
tree: 5f1c5465a7aec923beeafcba39769fd76cdbb501 /vespabase
parent: 13ea650dc641f7aad7923bf3dc6377e1884c9063 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/vespabase/conf/java.security.override b/vespabase/conf/java.security.override
new file mode 100644
index 00000000000..5acbb15303b
--- /dev/null
+++ b/vespabase/conf/java.security.override
@@ -0,0 +1,22 @@
+securerandom.source=file:/dev/urandom
+networkaddress.cache.ttl=5
+networkaddress.cache.negative.ttl=5
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
+    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    DES40_CBC, RC4_40, 3DES_EDE_CBC, \
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA, \
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, \
+    RSA_WITH_3DES_EDE_CBC_SHA, \
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+jdk.tls.legacyAlgorithms= \
+        K_NULL, C_NULL, M_NULL, \
+        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+        DH_RSA_EXPORT, RSA_EXPORT, \
+        DH_anon, ECDH_anon, \
+        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
+        3DES_EDE_CBC
author	Arnstein Ressem <aressem@yahooinc.com>	2022-04-08 14:23:35 +0200
committer	Arnstein Ressem <aressem@yahooinc.com>	2022-04-08 14:23:35 +0200
commit	2e20bead9f53bc18d0946d77a0715b0ad2cfc28d (patch)
tree	5f1c5465a7aec923beeafcba39769fd76cdbb501 /vespabase
parent	13ea650dc641f7aad7923bf3dc6377e1884c9063 (diff)