-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Iwan Igonin <[email protected]>
- Loading branch information
Showing
19 changed files
with
406 additions
and
80 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# Security Properties for JDK 11 and higher, with BouncyCastle FIPS provider and BouncyCastleJSSEProvider in non-approved mode | ||
|
||
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider | ||
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider | ||
security.provider.3=SUN | ||
security.provider.4=SunJGSS | ||
|
||
securerandom.source=file:/dev/urandom | ||
securerandom.strongAlgorithms=NativePRNGBlocking:SUN,DRBG:SUN | ||
securerandom.drbg.config= | ||
|
||
login.configuration.provider=sun.security.provider.ConfigFile | ||
policy.provider=sun.security.provider.PolicyFile | ||
policy.expandProperties=true | ||
policy.allowSystemProperty=true | ||
policy.ignoreIdentityScope=false | ||
keystore.type.compat=true | ||
|
||
package.access=sun.misc.,\ | ||
sun.reflect. | ||
package.definition=sun.misc.,\ | ||
sun.reflect. | ||
|
||
security.overridePropertiesFile=true | ||
|
||
ssl.KeyManagerFactory.algorithm=PKIX | ||
ssl.TrustManagerFactory.algorithm=PKIX | ||
|
||
networkaddress.cache.negative.ttl=10 | ||
krb5.kdc.bad.policy = tryLast | ||
|
||
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 | ||
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024 | ||
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, DES40_CBC, RC4_40 | ||
jdk.tls.legacyAlgorithms= \ | ||
K_NULL, C_NULL, M_NULL, \ | ||
DH_anon, ECDH_anon, \ | ||
RC4_128, RC4_40, DES_CBC, DES40_CBC, \ | ||
3DES_EDE_CBC | ||
jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37 | ||
|
||
crypto.policy=unlimited | ||
|
||
jdk.xml.dsig.secureValidationPolicy=\ | ||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\ | ||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\ | ||
disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\ | ||
maxTransforms 5,\ | ||
maxReferences 30,\ | ||
disallowReferenceUriSchemes file http https,\ | ||
minKeySize RSA 1024,\ | ||
minKeySize DSA 1024,\ | ||
minKeySize EC 224,\ | ||
noDuplicateIds,\ | ||
noRetrievalMethodLoops | ||
|
||
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\ | ||
java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.