Monday, December 2, 2024

Disable weak cipher (e.g. 3DES, SSLv3, MD5, …) suites in Java

This short howto explains how to disable the weak 3DES on Java to improve the overall security.

As the 3DES ciphers are weak (see CVE-2016-2183, CVE-2016-6329) they should be disabled. This can be done by the property jdk.tls.disabledAlgorithms in the security policy file java.security. This file is located in {APP_HOME}/jre/lib/security folder. A current “good” configuration would be the following:

jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, DESede, DES, RSA keySize < 2048

Cross information:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html

 

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

35FollowersFollow
- Advertisement -

Latest Articles