-rwxr-xr-x | configserver/src/main/sh/start-configserver | 13 | ||||
-rwxr-xr-x | container-disc/src/main/sh/vespa-start-container-daemon.sh | 1 | ||||
-rw-r--r-- | dist/vespa.spec | 1 | ||||
-rwxr-xr-x | standalone-container/src/main/sh/standalone-container.sh | 1 | ||||
-rw-r--r-- | vespabase/conf/java.security.override | 22 |
5 files changed, 6 insertions, 32 deletions
diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver
index 4ed972245ae..81382fcea9a 100755
--- a/configserver/src/main/sh/start-configserver
+++ b/configserver/src/main/sh/start-configserver
@@ -172,15 +172,14 @@ vespa-run-as-vespa-user vespa-runserver -s configserver -r 30 -p $pidfile -- \
 -XX:-OmitStackTraceInFastThrow \
 -XX:MaxJavaStackTraceDepth=1000000 \
 $jvmargs \
- --add-opens=java.base/java.io=ALL-UNNAMED \
- --add-opens=java.base/java.lang=ALL-UNNAMED \
- --add-opens=java.base/java.net=ALL-UNNAMED \
- --add-opens=java.base/java.nio=ALL-UNNAMED \
- --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED \
- --add-opens=java.base/sun.security.ssl=ALL-UNNAMED \
+ --add-opens=java.base/java.io=ALL-UNNAMED \
+ --add-opens=java.base/java.lang=ALL-UNNAMED \
+ --add-opens=java.base/java.net=ALL-UNNAMED \
+ --add-opens=java.base/java.nio=ALL-UNNAMED \
+ --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED \
+ --add-opens=java.base/sun.security.ssl=ALL-UNNAMED \
 -Djava.io.tmpdir=${VESPA_HOME}/tmp \
 -Djava.library.path=${VESPA_HOME}/lib64 \
- -Djava.security.properties=${VESPA_HOME}/conf/vespa/java.security.override \
 -Djava.awt.headless=true \
 -Dsun.rmi.dgc.client.gcInterval=3600000 \
 -Dsun.net.client.defaultConnectTimeout=5000 -Dsun.net.client.defaultReadTimeout=60000 \
diff --git a/container-disc/src/main/sh/vespa-start-container-daemon.sh b/container-disc/src/main/sh/vespa-start-container-daemon.sh
index 19d54b2cfea..a6c2c5999a8 100755
--- a/container-disc/src/main/sh/vespa-start-container-daemon.sh
+++ b/container-disc/src/main/sh/vespa-start-container-daemon.sh
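Review bot: Removing `-Djava.security.properties=${VESPA_HOME}/conf/vespa/java.security.override` from the configserver JVM options (and likewise in the vespa-start-container-daemon.sh and standalone-container.sh hunks) hands TLS algorithm policy, DNS cache TTLs and the SecureRandom source back to the installed JDK's default `java.security`, and nothing visible in this diff replaces them. The deleted file listed SSLv3/TLSv1/TLSv1.1 and all `TLS_DHE_RSA_*` suites in `jdk.tls.disabledAlgorithms` and set `networkaddress.cache.ttl=5`, so the effective policy after this change should be compared against the JDK defaults before merging. The file was also packaged as `%config(noreplace)` in dist/vespa.spec, so any site-local edits to it would presumably stop taking effect without notice after an upgrade. I would record where these restrictions are now enforced in a comment above the command, which starts outside this hunk, e.g. `# TLS/DNS security properties: JDK defaults apply; see <where enforced>`.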
@@ -285,7 +285,6 @@ exec $numactlcmd $envcmd java \
 --add-opens=java.base/sun.security.ssl=ALL-UNNAMED \
 -Djava.io.tmpdir="${VESPA_HOME}/tmp" \
 -Djava.library.path="${VESPA_HOME}/lib64" \
- -Djava.security.properties=${VESPA_HOME}/conf/vespa/java.security.override \
 -Djava.awt.headless=true \
 -Djavax.net.ssl.keyStoreType=JKS \
 -Djdk.tls.rejectClientInitiatedRenegotiation=true \
diff --git a/dist/vespa.spec b/dist/vespa.spec
index 71d976f64a3..ce2f0137262 100644
--- a/dist/vespa.spec
+++ b/dist/vespa.spec
@@ -783,7 +783,6 @@ fi
 %dir %{_prefix}/conf
 %dir %{_prefix}/conf/vespa
 %config(noreplace) %{_prefix}/conf/vespa/default-env.txt
-%config(noreplace) %{_prefix}/conf/vespa/java.security.override
 %{_prefix}/jdk
 %dir %{_prefix}/lib
 %dir %{_prefix}/lib/jars
diff --git a/standalone-container/src/main/sh/standalone-container.sh b/standalone-container/src/main/sh/standalone-container.sh
index dc82235f6c4..b34535c6867 100755
--- a/standalone-container/src/main/sh/standalone-container.sh
+++ b/standalone-container/src/main/sh/standalone-container.sh
@@ -176,7 +176,6 @@ StartCommand() {
 --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED \
 --add-opens=java.base/sun.security.ssl=ALL-UNNAMED \
 -Djava.library.path="$VESPA_HOME/lib64" \
- -Djava.security.properties=${VESPA_HOME}/conf/vespa/java.security.override \
 -Djava.awt.headless=true \
 -Dsun.rmi.dgc.client.gcInterval=3600000 \
 -Dsun.net.client.defaultConnectTimeout=5000 \
diff --git a/vespabase/conf/java.security.override b/vespabase/conf/java.security.override
deleted file mode 100644
index 5acbb15303b..00000000000
--- a/vespabase/conf/java.security.override
+++ /dev/null
@@ -1,22 +0,0 @@
-securerandom.source=file:/dev/urandom
-networkaddress.cache.ttl=5
-networkaddress.cache.negative.ttl=5
-jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
- DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
- DES40_CBC, RC4_40, 3DES_EDE_CBC, \
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, \
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, \
- RSA_WITH_3DES_EDE_CBC_SHA, \
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-jdk.tls.legacyAlgorithms= \
- K_NULL, C_NULL, M_NULL, \
- DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
- DH_RSA_EXPORT, RSA_EXPORT, \
- DH_anon, ECDH_anon, \
- RC4_128, RC4_40, DES_CBC, DES40_CBC, \
- 3DES_EDE_CBC |