sdks/java/container/java11/java11-security.properties - beam - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # Java 11 java.security properties file override for JVM
 # base properties derived from:
 # openjdk version "11.0.16" 2022-07-19
 # OpenJDK Runtime Environment 18.9 (build 11.0.16+8)
 # OpenJDK 64-Bit Server VM 18.9 (build 11.0.16+8, mixed mode, sharing)

 # Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
 # legacy algorithms list to allow it to be used if something better is not
 # available (e.g. TLSv1.2). This will prevent breakages for existing users
 # (for example JDBC with MySQL). See
 # https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
 # for additional details.
 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
     include jdk.disabled.namedCurves

 jdk.tls.legacyAlgorithms= \
     K_NULL, C_NULL, M_NULL, \
     DH_anon, ECDH_anon, \
     RC4_128, RC4_40, DES_CBC, DES40_CBC, \
     3DES_EDE_CBC, TLSv1, TLSv1.1

 # /dev/random blocks in virtualized environments due to lack of
 # good entropy sources, which makes SecureRandom use impractical.
 # In particular, that affects the performance of HTTPS that relies
 # on SecureRandom.
 #
 # Due to that, /dev/urandom is used as the default.
 #
 # See http://www.2uo.de/myths-about-urandom/ for some background
 # on security of /dev/urandom on Linux.
 securerandom.source=file:/dev/./urandom
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# Java 11 java.security properties file override for JVM
	# base properties derived from:
	# openjdk version "11.0.16" 2022-07-19
	# OpenJDK Runtime Environment 18.9 (build 11.0.16+8)
	# OpenJDK 64-Bit Server VM 18.9 (build 11.0.16+8, mixed mode, sharing)

	# Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
	# legacy algorithms list to allow it to be used if something better is not
	# available (e.g. TLSv1.2). This will prevent breakages for existing users
	# (for example JDBC with MySQL). See
	# https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
	# for additional details.
	jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
	DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
	include jdk.disabled.namedCurves

	jdk.tls.legacyAlgorithms= \
	K_NULL, C_NULL, M_NULL, \
	DH_anon, ECDH_anon, \
	RC4_128, RC4_40, DES_CBC, DES40_CBC, \
	3DES_EDE_CBC, TLSv1, TLSv1.1

	# /dev/random blocks in virtualized environments due to lack of
	# good entropy sources, which makes SecureRandom use impractical.
	# In particular, that affects the performance of HTTPS that relies
	# on SecureRandom.
	#
	# Due to that, /dev/urandom is used as the default.
	#
	# See http://www.2uo.de/myths-about-urandom/ for some background
	# on security of /dev/urandom on Linux.
	securerandom.source=file:/dev/./urandom