在Java8中禁用TLSv1.0 [英] Disabling TLSv1.0 in java8

问题描述

我正在尝试在Java 8中禁用TLSv1.0

I'm trying to disable TLSv1.0 in Java 8

我在下面的行中包含了TLSv1.0，如下所示:JRE/lib/security/java.security

I have included TLSv1.0 in the following line as follow in the JRE/lib/security/java.security

jdk.tls.disabledAlgorithms = SSLv3，RC4，MD5和RSA，DH，TLSv1.0

我仍然在测试时从TLSv1.0获取密码，但是当我配置TLSv1.1之类的其他版本时，我能够成功删除相应的密码

still, I'm getting the ciphers from the TLSv1.0 when I tested, but when I configured other versions like TLSv1.1, I was able to successfully remove the respective ciphers

这可能是什么问题?

是否可以删除JRE级别的特定密码?

Is there is any way to remove a specific ciphers in JRE level?

推荐答案

对于第一部分问题，我能够通过如下修改行来禁用TLSv1.0(使用TLSv1代替TLSv1.0)

for the first part question I was able to disable TLSv1.0 by modifying the line as below(used TLSv1 instead of TLSv1.0)

jdk.tls.disabledAlgorithms = SSLv3，RC4，MD5和RSA，DH，TLSv1

但是我仍然想知道，是否有可能在JRE级别禁用整个密码套件，例如，删除3个以下的密码

but I still want to get to know, is there are any possibilities that I can disable an entire cipher suite in JRE level, for example, removing below 3 ciphers

>    RSA_WITH_3DES_EDE_CBC_SHA
>      RSA_WITH_AES_128_CBC_SHA
>      RSA_WITH_AES_256_CBC_SHA

这篇关于在Java8中禁用TLSv1.0的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！