Legacy algorithms
In some environments, an algorithm might be undesirable but cannot be disabled because legacy applications still use it. Legacy algorithms might still be supported, but applications should not use them, because their security strength is usually insufficient.
During TLS security parameters negotiation, legacy algorithms are not negotiated unless there are no other candidates. The security property jdk.tls.legacyAlgorithms specifies which algorithms the SDK considers as legacy algorithms. See the <install_dir>/jre/lib/security/java.security file for the syntax of this security property.
Notes:
- If a legacy algorithm is also restricted through the jdk.tls.disabledAlgorithms property or the java.security.AlgorithmConstraints API (see the method javax.net.ssl.SSLParameters.setAlgorithmConstraints), then the algorithm is completely disabled and will not be negotiated.
- If your application uses an algorithm that is specified in the security property jdk.tls.legacyAlgorithms, use an alternative algorithm as soon as possible; a future SDK release might specify a legacy algorithm as a restricted algorithm.
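The overlap described in the first note can be checked directly against a java.security file. The following Python script is an added example, not part of the SDK documentation: it reads both properties and reports, for each legacy algorithm, whether it is also disabled or is still available as a last resort. It assumes both properties hold comma-separated algorithm names (the authoritative syntax is in the java.security file); the sample file content and all function names are constructed for illustration.

```python
# Constructed sample in java.security syntax; not any SDK's shipped defaults.
SAMPLE = r"""
# TLS algorithm policy (constructed for this example)
jdk.tls.disabledAlgorithms=SSLv3, RC4_40, DES40_CBC, \
    DH keySize < 1024
jdk.tls.legacyAlgorithms=K_NULL, RC4_128, RC4_40, \
    DES_CBC, DES40_CBC, 3DES_EDE_CBC
"""

def load_properties(text):
    """Parse key=value lines, joining lines that end in a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]  # continuation: keep reading
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def algorithm_names(value):
    """Split a comma-separated list; keep each entry's first token (the name)
    and drop trailing constraints such as 'keySize < 1024'."""
    names = []
    for entry in value.split(","):
        tokens = entry.split()
        # Assumption: an 'include <property>' entry refers elsewhere; skipped.
        if tokens and tokens[0].lower() != "include":
            names.append(tokens[0])
    return names

def classify_legacy(text):
    """Map each legacy algorithm to 'disabled' (also restricted, never
    negotiated) or 'last-resort' (negotiated only if nothing else matches)."""
    props = load_properties(text)
    # Assumption: algorithm names are compared case-insensitively.
    disabled = {n.casefold() for n in
                algorithm_names(props.get("jdk.tls.disabledAlgorithms", ""))}
    legacy = algorithm_names(props.get("jdk.tls.legacyAlgorithms", ""))
    return {n: "disabled" if n.casefold() in disabled else "last-resort"
            for n in legacy}

if __name__ == "__main__":
    for name, status in classify_legacy(SAMPLE).items():
        print(f"{name:14} {status}")
```

Restrictions applied in code through SSLParameters.setAlgorithmConstraints do not appear in the file, so an algorithm reported as last-resort can still be completely disabled at run time.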