Disabled and restricted cryptographic algorithms
In some environments, certain algorithms or key lengths might be undesirable when using TLS. The SDK uses the jdk.certpath.disabledAlgorithms and jdk.tls.disabledAlgorithms security properties to disable algorithms during TLS protocol negotiation, including version negotiation, cipher suite selection, peer authentication, and key exchange mechanisms.
See the <install_dir>/jre/lib/security/java.security file for information about the syntax of these security properties and their current active values.
If you require a particular algorithm, you can reactivate it by either removing it from the security property in the java.security file or by dynamically setting the proper security property before JSSE is initialized.
The jdk.certpath.disabledAlgorithms property
jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024
The cryptographic hash algorithm MD2 is no longer considered secure. Any certificate that is signed with MD2 is not accepted.
The cryptographic hash algorithm MD5 is no longer considered secure. Any certificate that is signed with MD5 is not accepted.
jdk.certpath.disabledAlgorithms includes restrictions on the RSA key size, the DSA key size, and the EC key size. The default value of this property is:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Any certificate signed with MD2 or MD5, or with RSA, DSA, or EC keys of less than the specified number of bits in length, is not acceptable.
The jdk.tls.disabledAlgorithms property
jdk.certpath.disabledAlgorithms security property. For example, the following line disables the SSLv3 algorithm and all of the TLS_*_RC4_* cipher suites:
jdk.tls.disabledAlgorithms=SSLv3, RC4
To mitigate against the Padding Oracle On Downgraded Legacy Encryption (POODLE) security vulnerability, SSL V3.0 is disabled by default.
To mitigate against the Bar Mitzvah security vulnerability CVE-2015-2808, RC4 is disabled by default.
To mitigate against the Logjam security vulnerability CVE-2015-4000, DH key sizes must be greater than 768 bits.
To mitigate against the SLOTH security vulnerability CVE-2015-7575, MD5withRSA is disabled by default.
3DES ciphers are no longer considered secure and are disabled by including the DESede algorithm by default.
EC keys with less than 224 bits can no longer be used.
Algorithms DES40_CBC and RC4_40 are disabled by default.
DES_CBC algorithms are disabled by default.
DH key sizes must be greater than 1024 bits.
DES algorithms are disabled by default.
Algorithms anon and NULL are disabled by default.
TLS 1.0 and 1.1 are disabled by default.
com.ibm.jsse2.disableSSLv3. For example, if you attempt to enable SSL v3.0 by setting com.ibm.jsse2.disableSSLv3=false, the property is ignored and SSL v3.0 remains disabled.