1# Licensed to the Apache Software Foundation (ASF) under one or more
2# contributor license agreements.  See the NOTICE file distributed with
3# this work for additional information regarding copyright ownership.
4# The ASF licenses this file to You under the Apache License, Version 2.0
5# (the "License"); you may not use this file except in compliance with
6# the License.  You may obtain a copy of the License at
7#
8#     http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
17#
18# Providers
19# See also: J2SE doc. "How to Implement a Provider for the JavaTM Cryptography Architecture"
20#
21# Android's provider of OpenSSL backed implementations
22security.provider.1=com.android.org.conscrypt.OpenSSLProvider
23# Android's version of the CertPathValidator and CertPathBuilder
24security.provider.2=sun.security.provider.CertPathProvider
25# Android's stripped down BouncyCastle provider
26security.provider.3=com.android.org.bouncycastle.jce.provider.BouncyCastleProvider
27# Android's provider of OpenSSL backed implementations
28security.provider.4=com.android.org.conscrypt.JSSEProvider
29
30
31
32
33
34
35
36# The default SSLSocketFactory and SSLServerSocketFactory provider implementations.
37# See specification for
38# javax/net/ssl/SSLSocketFactory.html#getDefault()
39# javax/net/ssl/SSLServerSocketFactory.html#getDefault()
40
41# For regular SSLSockets, we have two implementations:
42ssl.SocketFactory.provider=com.android.org.conscrypt.OpenSSLSocketFactoryImpl
43#ssl.SocketFactory.provider=com.android.org.conscrypt.SSLSocketFactoryImpl
44
45# For SSLServerSockets, there's only the new, OpenSSL-based implementation:
46ssl.ServerSocketFactory.provider=com.android.org.conscrypt.OpenSSLSocketFactoryImpl
47
48# Default KeyStore type.
49# See specification for java/security/KeyStore.html#getDefaultType()
50keystore.type=BKS
51
52
53# Default KeyManagerFactory and TrustManagerFactory algorithms.
54# See specification for
55# javax/net/ssl/KeyManagerFactory.html#getDefaultAlgorithm()
56# javax/net/ssl/TrustManagerFactory.html#getDefaultAlgorithm()
57ssl.KeyManagerFactory.algorithm=PKIX
58ssl.TrustManagerFactory.algorithm=PKIX
59
60# The following Android-only property controls peer certificate validation.
61ssl.disablePeerCertificateChainVerification=false
62
63# Disable weak algorithms in CertPathVerifier and CertPathBuilder.
64jdk.certpath.disabledAlgorithms=MD2, MD4, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 160
65
66securerandom.strongAlgorithms=SHA1PRNG:AndroidOpenSSL
67