问题描述
我正在尝试在Java 8中禁用TLSv1.0
I'm trying to disable TLSv1.0 in Java 8
我在下面的行中包含了TLSv1.0,如下所示:JRE/lib/security/java.security
I have included TLSv1.0 in the following line as follow in the JRE/lib/security/java.security
jdk.tls.disabledAlgorithms = SSLv3,RC4,MD5和RSA,DH,TLSv1.0
我仍然在测试时从TLSv1.0获取密码,但是当我配置TLSv1.1之类的其他版本时,我能够成功删除相应的密码
still, I'm getting the ciphers from the TLSv1.0 when I tested, but when I configured other versions like TLSv1.1, I was able to successfully remove the respective ciphers
这可能是什么问题?
是否可以删除JRE级别的特定密码?
Is there is any way to remove a specific ciphers in JRE level?
推荐答案
对于第一部分问题,我能够通过如下修改行来禁用TLSv1.0(使用TLSv1代替TLSv1.0)
for the first part question I was able to disable TLSv1.0 by modifying the line as below(used TLSv1 instead of TLSv1.0)
jdk.tls.disabledAlgorithms = SSLv3,RC4,MD5和RSA,DH,TLSv1
但是我仍然想知道,是否有可能在JRE级别禁用整个密码套件,例如,删除3个以下的密码
but I still want to get to know, is there are any possibilities that I can disable an entire cipher suite in JRE level, for example, removing below 3 ciphers
> RSA_WITH_3DES_EDE_CBC_SHA
> RSA_WITH_AES_128_CBC_SHA
> RSA_WITH_AES_256_CBC_SHA
这篇关于在Java8中禁用TLSv1.0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!