How to modify ciphers used by Java


Article ID: 276212


Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Web

Issue/Introduction

Use this procedure if you need to disable "weak ciphers" in Java.

Cause

A vulnerability scan shows weak ciphers being used.

Resolution

Filename: java.security
Path: C:\Program Files\AdoptOpenJRE\jdk8u352-b08-jre\lib\security

Add or remove the specific algorithms or ciphers in the following properties, as shown below.

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
   RSA keySize < 2048, DSA keySize < 2048, DHE keySize < 2048, EC keySize < 224, \
   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
    SHA1 usage SignedJAR & denyAfter 2019-01-01, \
    include jdk.disabled.namedCurves

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 2048, \
      DSA keySize < 2048, DHE keySize < 2048, SHA1 denyAfter 2019-01-01, \
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
      include jdk.disabled.namedCurves

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 2048, DHE keySize < 2048, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
    include jdk.disabled.namedCurves
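
To confirm the edit took effect before re-running the vulnerability scan, the following check (an added example, not part of the original article or the product) prints the effective jdk.tls.disabledAlgorithms value and reports whether the default TLS context still enables any of the suites or protocol versions listed above. The class name CheckDisabledCiphers is hypothetical.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; the class name is hypothetical. Compile with a Java 8 JDK and
// run with the JRE whose java.security file was edited.
public class CheckDisabledCiphers {
    // The six DHE suites the article adds to jdk.tls.disabledAlgorithms.
    static final List<String> SUITES = Arrays.asList(
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
    // Protocol versions listed in the same property.
    static final List<String> PROTOCOLS = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");

    // Returns the entries of 'banned' that are still present in 'enabled'.
    static List<String> stillEnabled(String[] enabled, List<String> banned) {
        Set<String> on = new HashSet<>(Arrays.asList(enabled));
        List<String> hits = new ArrayList<>();
        for (String name : banned) {
            if (on.contains(name)) {
                hits.add(name);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // Value of the property as this JVM loaded it from java.security.
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));
        // The default context reflects what a TLS endpoint in this JVM offers.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        List<String> suites = stillEnabled(engine.getEnabledCipherSuites(), SUITES);
        List<String> protocols = stillEnabled(engine.getEnabledProtocols(), PROTOCOLS);
        System.out.println("Still enabled suites:    " + suites);
        System.out.println("Still enabled protocols: " + protocols);
        // Non-zero exit code lets a script or scheduled check flag the host.
        System.exit(suites.isEmpty() && protocols.isEmpty() ? 0 : 1);
    }
}
```

The java.security file is read when the JVM starts, so restart the Java process that uses this JRE after saving the file.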