github.com/apache/beam/sdks/v2@v2.48.2/java/container/java17/java17-security.properties

github.com/apache/beam/sdks/v2@v2.48.2/java/container/java17/java17-security.properties (about)

     1  # Licensed to the Apache Software Foundation (ASF) under one or more
     2  # contributor license agreements.  See the NOTICE file distributed with
     3  # this work for additional information regarding copyright ownership.
     4  # The ASF licenses this file to You under the Apache License, Version 2.0
     5  # (the "License"); you may not use this file except in compliance with
     6  # the License.  You may obtain a copy of the License at
     7  #
     8  #    http://www.apache.org/licenses/LICENSE-2.0
     9  #
    10  # Unless required by applicable law or agreed to in writing, software
    11  # distributed under the License is distributed on an "AS IS" BASIS,
    12  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  # See the License for the specific language governing permissions and
    14  # limitations under the License.
    15  
    16  # Java 17 java.security properties file override for JVM
    17  # base properties derived from:
    18  # openjdk version "17.0.2" 2022-01-18
    19  # OpenJDK Runtime Environment (build 17.0.2+8-86)
    20  # OpenJDK 64-Bit Server VM (build 17.0.2+8-86, mixed mode, sharing)
    21  
    22  # Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
    23  # legacy algorithms list to allow it to be used if something better is not
    24  # available (e.g. TLSv1.2). This will prevent breakages for existing users
    25  # (for example JDBC with MySQL). See
    26  # https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
    27  # for additional details.
    28  jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    29      DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
    30  
    31  # The raw value from 17.0.2 for legacyAlgorithms is
    32  #   NULL, anon, RC4, DES, 3DES_EDE_CBC
    33  # Because these values are in disabledAlgorithms, it is erroneous to include
    34  # them in legacy (they are disabled in Java 8 and Java 11 as well). Here we 
    35  # only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
    36  jdk.tls.legacyAlgorithms=TLSv1, TLSv1.1
    37  
    38  # /dev/random blocks in virtualized environments due to lack of
    39  # good entropy sources, which makes SecureRandom use impractical.
    40  # In particular, that affects the performance of HTTPS that relies
    41  # on SecureRandom.
    42  #
    43  # Due to that, /dev/urandom is used as the default.
    44  #
    45  # See http://www.2uo.de/myths-about-urandom/ for some background
    46  # on security of /dev/urandom on Linux.
    47  securerandom.source=file:/dev/./urandom