diff --git a/jdk/src/java.base/share/conf/security/java.security b/jdk/src/java.base/share/conf/security/java.security index 0b8863e641e..5e778810bb7 100644 --- a/jdk/src/java.base/share/conf/security/java.security +++ b/jdk/src/java.base/share/conf/security/java.security @@ -116,13 +116,6 @@ security.provider.tbd=SunPKCS11 # Example: # jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \ # MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE -# -#ifdef solaris-sparc -# Optional Solaris-SPARC configuration for non-FIPS 140 configurations. -# jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \ -# HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE -# -#endif #jdk.security.provider.preferred= @@ -247,7 +240,6 @@ securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN # # The default value is an empty string, which is equivalent to # securerandom.drbg.config=Hash_DRBG,SHA-256,128,none -# securerandom.drbg.config= # @@ -270,27 +262,23 @@ policy.provider=sun.security.provider.PolicyFile # The default is to have a single system-wide policy file, # and a policy file in the user's home directory. -# policy.url.1=file:${java.home}/conf/security/java.policy policy.url.2=file:${user.home}/.java.policy # whether or not we expand properties in the policy file # if this is set to false, properties (${...}) will not be expanded in policy # files. -# policy.expandProperties=true # whether or not we allow an extra policy to be passed on the command line # with -Djava.security.policy=somefile. Comment out this line to disable # this feature. -# policy.allowSystemProperty=true # whether or not we look into the IdentityScope for trusted Identities # when encountering a 1.1 signed JAR file. If the identity is found # and is trusted, we grant it AllPermission. Note: the default policy # provider (sun.security.provider.PolicyFile) does not support this property. -# policy.ignoreIdentityScope=false # 
@@ -372,6 +360,7 @@ ssl.TrustManagerFactory.algorithm=PKIX # For this reason the default caching policy is to maintain these # results for 10 seconds. # +# networkaddress.cache.negative.ttl=10 # @@ -471,10 +460,8 @@ networkaddress.cache.negative.ttl=10 # Example, # krb5.kdc.bad.policy = tryLast # krb5.kdc.bad.policy = tryLess:2,2000 -# krb5.kdc.bad.policy = tryLast -# # Algorithm restrictions for certification path (CertPath) processing # # In some environments, certain algorithms or key lengths may be undesirable @@ -585,6 +572,35 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224 # +# RMI Registry Serial Filter +# +# The filter pattern uses the same format as jdk.serialFilter. +# This filter can override the builtin filter if additional types need to be +# allowed or rejected from the RMI Registry. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +#sun.rmi.registry.registryFilter=pattern;pattern +# +# RMI Distributed Garbage Collector (DGC) Serial Filter +# +# The filter pattern uses the same format as jdk.serialFilter. +# This filter can override the builtin filter if additional types need to be +# allowed or rejected from the RMI DGC. +# +# Note: This property is currently used by the JDK Reference implementation. +# It is not guaranteed to be examined and used by other implementations. +# +# The builtin DGC filter can approximately be represented as the filter pattern: +# +#sun.rmi.transport.dgcFilter=\ +# java.rmi.server.ObjID;\ +# java.rmi.server.UID;\ +# java.rmi.dgc.VMID;\ +# java.rmi.dgc.Lease;\ +# maxdepth=5;maxarray=10000 + # Algorithm restrictions for signed JAR files # # In some environments, certain algorithms or key lengths may be undesirable 
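Review bot: In the `@@ -585,6 +572,35 @@` hunk, the relocated RMI Registry and DGC filter comments now come before the `jdk.serialFilter` section they cite for the pattern format, which stays near the end of the file. A reader reaching `#sun.rmi.registry.registryFilter=pattern;pattern` has therefore not yet seen the syntax, so I would add a pointer such as `# (The pattern syntax is described under jdk.serialFilter later in this file.)` to both blocks. The wording "can override the builtin filter" also does not say how a configured pattern combines with the builtin one, in particular whether classes the pattern leaves undecided still reach the builtin checks. Because these filters decide which classes an RMI endpoint will deserialize from remote callers, that sentence is worth spelling out, together with a line such as `# Allow only the specific classes an application requires; prefer explicit class names over package wildcards.`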
@@ -623,7 +639,6 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \ jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024 -# # Algorithm restrictions for Secure Socket Layer/Transport Layer Security # (SSL/TLS/DTLS) processing # @@ -924,32 +939,3 @@ jdk.xml.dsig.secureValidationPolicy=\ # #jdk.serialFilter=pattern;pattern -# -# RMI Registry Serial Filter -# -# The filter pattern uses the same format as jdk.serialFilter. -# This filter can override the builtin filter if additional types need to be -# allowed or rejected from the RMI Registry. -# -# Note: This property is currently used by the JDK Reference implementation. -# It is not guaranteed to be examined and used by other implementations. -# -#sun.rmi.registry.registryFilter=pattern;pattern -# -# RMI Distributed Garbage Collector (DGC) Serial Filter -# -# The filter pattern uses the same format as jdk.serialFilter. -# This filter can override the builtin filter if additional types need to be -# allowed or rejected from the RMI DGC. -# -# Note: This property is currently used by the JDK Reference implementation. -# It is not guaranteed to be examined and used by other implementations. -# -# The builtin DGC filter can approximately be represented as the filter pattern: -# -#sun.rmi.transport.dgcFilter=\ -# java.rmi.server.ObjID;\ -# java.rmi.server.UID;\ -# java.rmi.dgc.VMID;\ -# java.rmi.dgc.Lease;\ -# maxdepth=5;maxarray=10000