8061210: Issues in TLS
Reviewed-by: jnimeh, mullan, wetmore, ahgross, asmotrak
diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix
index bb71a15..81ce1d7 100644
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix
@@ -479,8 +479,12 @@
#
# In some environments, certain algorithms or key lengths may be undesirable
# when using SSL/TLS. This section describes the mechanism for disabling
-# algorithms during SSL/TLS security parameters negotiation, including cipher
-# suites selection, peer authentication and key exchange mechanisms.
+# algorithms during SSL/TLS security parameters negotiation, including
+# protocol version negotiation, cipher suites selection, peer authentication
+# and key exchange mechanisms.
+#
+# Disabled algorithms will not be negotiated for SSL/TLS connections, even
+# if they are enabled explicitly in an application.
#
# For PKI-based peer authentication and key exchange mechanisms, this list
# of disabled algorithms will also be checked during certification path
@@ -495,4 +499,5 @@
# It is not guaranteed to be examined and used by other implementations.
#
# Example:
-# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
+# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
+jdk.tls.disabledAlgorithms=SSLv3
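Review bot: The active setting `jdk.tls.disabledAlgorithms=SSLv3` is added directly beneath the `# Example:` line with no comment marking it as the shipped default, so it reads as a continuation of the example rather than as a policy that is now enforced. The first hunk of this file adds the statement that disabled algorithms are not negotiated even when an application enables them explicitly, so connections to peers that only offer SSLv3 will presumably fail at handshake, and that is worth stating where an administrator will look. I would separate the property from the example with a bare `#` line and add above it `# Default: SSLv3 is disabled and cannot be re-enabled from application code;` followed by `# removing it from this list re-enables an insecure protocol version.` Only java.security-aix is visible on this page; if the other platform java.security files do not receive the same line in this commit, the default would differ by platform.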