Disabled and restricted cryptographic algorithms

In some environments, certain algorithms or key lengths might be undesirable when using TLS. The SDK uses the jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms security properties to disable algorithms during TLS protocol negotiation, including version negotiation, cipher suite selection, peer authentication, and key exchange mechanisms.

See the <install_dir>/jre/lib/security/java.security file for information about the syntax of these security properties and their current active values.

If you require a particular algorithm, you can reactivate it by either removing it from the security property in the java.security file or by dynamically setting the proper security property before JSSE is initialized.

The jdk.certpath.disabledAlgorithms property

CertPath code uses this security property to determine which algorithms are not allowed during CertPath checking. For example, when a TLS server sends an identifying certificate chain, a client TrustManager that uses a CertPath implementation to verify the received chain rejects any chain that matches the stated conditions. The following line blocks any MD2-based certificate, as well as SHA1 TLSServer certificates that chain to trust anchors that are pre-installed in the cacerts keystore. Likewise, this line blocks any RSA key less than 1024 bits.
jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024

The cryptographic hash algorithm MD2 is no longer considered secure. Any certificate that is signed with MD2 is not accepted.

Service refresh 2 fix pack 10: The cryptographic hash algorithm MD5 is no longer considered secure. Any certificate that is signed with MD5 is not accepted.

The default value of jdk.certpath.disabledAlgorithms includes a restriction on RSA key size, the DSA key size, and the EC key size (the DSA and EC key size restrictions are changes for service refresh 4 fix pack 5). The default value of this property is:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Any certificate signed with MD2 or MD5, or with an RSA, DSA, or EC key of less than the specified number of bits in length, is not acceptable.

The jdk.tls.disabledAlgorithms property

JSSE code uses this security property to disable TLS protocols, cipher suites, keys, and so on. The syntax is similar to the jdk.certpath.disabledAlgorithms security property. For example, the following line disables the SSLv3 algorithm and all of the TLS_*_RC4_* cipher suites:
jdk.tls.disabledAlgorithms=SSLv3, RC4
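
As an added example (not taken from the SDK documentation), the following Java program sets jdk.tls.disabledAlgorithms dynamically before JSSE is initialized, as described earlier, and then reports the protocols and cipher suites that JSSE actually enables. The class name, the helper methods, and the REQUIRED_TLS baseline are assumptions made for illustration.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class DisabledAlgorithmsCheck {
    // Assumed baseline for this example: entries that must remain disabled.
    static final List<String> REQUIRED_TLS = Arrays.asList("SSLv3", "RC4");

    // Split a value such as "SSLv3, RC4, DH keySize < 768" into trimmed entries.
    static List<String> entries(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String e : value.split(",")) {
            if (!e.trim().isEmpty()) out.add(e.trim());
        }
        return out;
    }

    // Return the property value with any missing required entries appended.
    static String withRequired(String value, List<String> required) {
        List<String> current = entries(value);
        for (String r : required) {
            boolean present = false;
            for (String c : current) present |= c.equalsIgnoreCase(r);
            if (!present) current.add(r);
        }
        return String.join(", ", current);
    }

    public static void main(String[] args) throws Exception {
        String prop = "jdk.tls.disabledAlgorithms";
        String before = Security.getProperty(prop);
        System.out.println("java.security value: " + before);

        // Must run before the first SSLContext or SSLSocket is created (JSSE initialization).
        Security.setProperty(prop, withRequired(before, REQUIRED_TLS));
        System.out.println("effective value:     " + Security.getProperty(prop));

        // Confirm the result against what JSSE enables by default.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("enabled protocols:   " + Arrays.toString(engine.getEnabledProtocols()));
        for (String suite : engine.getEnabledCipherSuites()) {
            if (suite.contains("_RC4_")) System.out.println("unexpected RC4 suite: " + suite);
        }
    }
}
```

Run it with the same JVM and java.security file that the application uses, so that the reported values match the deployed configuration.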

To mitigate against the Padding Oracle On Downgraded Legacy Encryption (POODLE) security vulnerability, SSL V3.0 is disabled by default.

Service refresh 1: To mitigate against the Bar Mitzvah security vulnerability CVE-2015-2808, RC4 is disabled by default.

Service refresh 1 fix pack 1: To mitigate against the Logjam security vulnerability CVE-2015-4000, DH key sizes must be greater than 768 bits.

Service refresh 2 fix pack 10: To mitigate against the SLOTH security vulnerability CVE-2015-7575, MD5withRSA is disabled by default.

Service refresh 4: 3DES ciphers are no longer considered secure and are disabled by including the DESede algorithm by default.

Service refresh 4 fix pack 5: EC keys with less than 224 bits can no longer be used.

Service refresh 5 fix pack 10: Algorithms DES40_CBC and RC4_40 are disabled by default.

Service refresh 5 fix pack 10: DES_CBC algorithms are disabled by default.

DH key sizes must be greater than 1024 bits.

Service refresh 5 fix pack 25: DES algorithms are disabled by default.

Service refresh 5 fix pack 30: Algorithms anon and NULL are disabled by default.

Service refresh 6 fix pack 30: TLS 1.0 and 1.1 are disabled by default.

Note: This property takes precedence over the system property com.ibm.jsse2.disableSSLv3. For example, if you attempt to enable SSL v3.0 by setting com.ibm.jsse2.disableSSLv3=false, the property is ignored and SSL v3.0 remains disabled.