sdks/java/container/java17/java17-security.properties - beam - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 # Java 17 java.security properties file override for JVM
 # base properties derived from:
 # openjdk version "17.0.2" 2022-01-18
 # OpenJDK Runtime Environment (build 17.0.2+8-86)
 # OpenJDK 64-Bit Server VM (build 17.0.2+8-86, mixed mode, sharing)

 # Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
 # legacy algorithms list to allow it to be used if something better is not
 # available (e.g. TLSv1.2). This will prevent breakages for existing users
 # (for example JDBC with MySQL). See
 # https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
 # for additional details.
 jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
     DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

 # The raw value from 17.0.2 for legacyAlgorithms is
 #   NULL, anon, RC4, DES, 3DES_EDE_CBC
 # Because these values are in disabledAlgorithms, it is erroneous to include
 # them in legacy (they are disabled in Java 8 and Java 11 as well). Here we
 # only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
 jdk.tls.legacyAlgorithms=TLSv1, TLSv1.1

 # /dev/random blocks in virtualized environments due to lack of
 # good entropy sources, which makes SecureRandom use impractical.
 # In particular, that affects the performance of HTTPS that relies
 # on SecureRandom.
 #
 # Due to that, /dev/urandom is used as the default.
 #
 # See http://www.2uo.de/myths-about-urandom/ for some background
 # on security of /dev/urandom on Linux.
 securerandom.source=file:/dev/./urandom
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	# Java 17 java.security properties file override for JVM
	# base properties derived from:
	# openjdk version "17.0.2" 2022-01-18
	# OpenJDK Runtime Environment (build 17.0.2+8-86)
	# OpenJDK 64-Bit Server VM (build 17.0.2+8-86, mixed mode, sharing)

	# Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
	# legacy algorithms list to allow it to be used if something better is not
	# available (e.g. TLSv1.2). This will prevent breakages for existing users
	# (for example JDBC with MySQL). See
	# https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
	# for additional details.
	jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
	DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

	# The raw value from 17.0.2 for legacyAlgorithms is
	# NULL, anon, RC4, DES, 3DES_EDE_CBC
	# Because these values are in disabledAlgorithms, it is erroneous to include
	# them in legacy (they are disabled in Java 8 and Java 11 as well). Here we
	# only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
	jdk.tls.legacyAlgorithms=TLSv1, TLSv1.1

	# /dev/random blocks in virtualized environments due to lack of
	# good entropy sources, which makes SecureRandom use impractical.
	# In particular, that affects the performance of HTTPS that relies
	# on SecureRandom.
	#
	# Due to that, /dev/urandom is used as the default.
	#
	# See http://www.2uo.de/myths-about-urandom/ for some background
	# on security of /dev/urandom on Linux.
	securerandom.source=file:/dev/./urandom