JSSE Properties

The Java Secure Socket Extension (JSSE) provides a framework and implementation for secure network communications in Java. It's used for establishing secure connections using protocols like TLS/SSL. Several security properties within the JSSE can be configured to control the behavior and security of these connections. These properties are typically set within the $AGG_HOME/jre/conf/security/java.security file.

Disabling TLS/SSL Algorithms

Specific TLS/SSL algorithms (such as deprecated versions of TLS) can be disabled for enhanced security by modifying the jdk.tls.disabledAlgorithms property. This property is located in the $AGG_HOME/jre/conf/security/java.security file.

As an example, the property can be configured to disallow SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, Diffie-Hellman (DH) keys smaller than 1024 bits, Elliptic Curve (EC) keys smaller than 224 bits, 3DES_EDE_CBC, anonymous ciphers, null ciphers, and algorithms included in the jdk.disabled.namedCurves list with the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves
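
To confirm that an edited java.security file still carries every entry from the example above, the file can be audited before the server is restarted. The following Python check is an added example, not part of the Iotellect documentation or product; the function names, the baseline sets and the sample file contents are assumptions constructed for illustration.

```python
import re

# Baseline: the entries from the example value on this page.
REQUIRED = {"SSLv3", "TLSv1", "TLSv1.1", "RC4", "DES", "MD5withRSA",
            "3DES_EDE_CBC", "anon", "NULL", "include jdk.disabled.namedCurves"}
MIN_KEYSIZE = {"DH": 1024, "EC": 224}  # "<alg> keySize < N" must have N >= this

def read_property(text, key):
    """Effective value of `key` in java.security text (assumes key=value lines).
    Comment lines are skipped, backslash-continued lines joined, last definition wins."""
    value, logical = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if logical is None and line.startswith(("#", "!")):
            continue                      # comment at the start of a logical line
        logical = (logical or "") + line
        if logical.endswith("\\"):
            logical = logical[:-1]        # continuation: keep reading
            continue
        name, sep, val = logical.partition("=")
        if sep and name.strip() == key:
            value = val.strip()           # a later definition overrides an earlier one
        logical = None
    return value

def audit(text):
    """Baseline entries that are missing from, or weaker in, jdk.tls.disabledAlgorithms."""
    value = read_property(text, "jdk.tls.disabledAlgorithms") or ""
    entries = {" ".join(e.split()) for e in value.split(",") if e.strip()}
    missing = sorted(REQUIRED - entries)  # exact-spelling comparison
    for alg, minimum in MIN_KEYSIZE.items():
        limits = [int(m.group(1)) for e in entries
                  if (m := re.fullmatch(rf"{alg} keySize ?< ?(\d+)", e))]
        if not limits or max(limits) < minimum:   # only the "<" operator is recognised
            missing.append(f"{alg} keySize < {minimum}")
    return missing

# Constructed sample: TLSv1.1 was dropped and the EC limit lowered; DH is stricter.
SAMPLE = """\
# Constructed sample, not a real java.security file
#jdk.tls.disabledAlgorithms=SSLv3
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \\
    DH keySize < 2048, EC keySize < 160, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means the file is at least as strict as the example value; any listed entry should be restored before deployment.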

Important Considerations:

  • Global Impact: This property affects the entire platform, not just a specific integration or Iotellect Server instance. Therefore, disabling an algorithm here will prevent its use for all communication within the platform.

  • Iotellect Version Compatibility: Disabling algorithms may impact compatibility with older versions of Iotellect. Test compatibility before deploying production servers with a modified value of this property.
