This short howto explains how to disable the weak 3DES on Java to improve the overall security.
As the 3DES ciphers are weak (see CVE-2016-2183, CVE-2016-6329) they should be disabled. This can be done by the property jdk.tls.disabledAlgorithms in the security policy file java.security. This file is located in {APP_HOME}/jre/lib/security folder. A current “good” configuration would be the following:
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, DESede, DES, RSA keySize < 2048
Cross information:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html
Â
