8076328: Enforce key exchange constraints Reviewed-by: wetmore, ahgross, asmotrak, xuelei

commit: eb375e335b0d5150c6546a50285c6a80ca291597 [log] [tgz]
author: igerasim <none@none> Fri Apr 24 13:59:30 2015 +0300
committer: igerasim <none@none> Fri Apr 24 13:59:30 2015 +0300
tree: 522945ae2d1d9132640c91cef0d5b041c6637ef0
parent: 56997996434699c3fdc6bf589d65c25a9b691861 [diff] [blame]
diff --git a/src/share/lib/security/java.security-aix b/src/share/lib/security/java.security-aix
index 891ec95..fa0ce4c 100644
--- a/src/share/lib/security/java.security-aix
+++ b/src/share/lib/security/java.security-aix

@@ -500,7 +500,7 @@
 #
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
 
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
 # processing in JSSE implementation.
@@ -539,7 +539,7 @@
 #     1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
 #     2. JSSE key exchange algorithm name, e.g., RSA
 #     3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
-#     4. JSSE message digest algorithm name, e.g., SHA-1
+#     4. JSSE message digest algorithm name, e.g., SHA
 #
 # See SSL/TLS specifications and "Java Cryptography Architecture Standard
 # Algorithm Name Documentation" for information about the algorithm names.
commit	eb375e335b0d5150c6546a50285c6a80ca291597	[log] [tgz]
author	igerasim <none@none>	Fri Apr 24 13:59:30 2015 +0300
committer	igerasim <none@none>	Fri Apr 24 13:59:30 2015 +0300
tree	522945ae2d1d9132640c91cef0d5b041c6637ef0
parent	56997996434699c3fdc6bf589d65c25a9b691861 [diff] [blame]