## This is the "master security properties file".## In this file, various security properties are set for use by# java.security classes. This is where users can statically register# Cryptography Package Providers ("providers" for short). The term# "provider" refers to a package or set of packages that supply a# concrete implementation of a subset of the cryptography aspects of# the Java Security API. A provider may, for example, implement one or# more digital signature algorithms or message digest algorithms.## Each provider must implement a subclass of the Provider class.# To register a provider in this master security properties file,# specify the Provider subclass name and priority in the format##    security.provider.<n>=<className>## This declares a provider, and specifies its preference# order n. The preference order is the order in which providers are# searched for requested algorithms (when no specific provider is# requested). The order is 1-based; 1 is the most preferred, followed# by 2, and so on.## <className> must specify the subclass of the Provider class whose# constructor sets the values of various properties that are required# for the Java Security API to look up the algorithms or other# facilities implemented by the provider.## There must be at least one provider specification in java.security.# There is a default provider that comes standard with the JDK. It# is called the "SUN" provider, and its Provider subclass# named Sun appears in the sun.security.provider package. Thus, the# "SUN" provider is registered via the following:##    security.provider.1=sun.security.provider.Sun## (The number 1 is used for the default provider.)## Note: Statically registered Provider subclasses are instantiated# when the system is initialized. Providers can be dynamically# registered instead by calls to either the addProvider or# insertProviderAt method in the Security class.## List of providers and their preference orders (see above):#security.provider.1=sun.security.provider.Sunsecurity.provider.2=com.sun.net.ssl.internal.ssl.Providersecurity.provider.3=com.sun.rsajca.Providersecurity.provider.4=com.sun.crypto.provider.SunJCEsecurity.provider.5=sun.security.jgss.SunProvider## Select the source of seed data for SecureRandom. By default an# attempt is made to use the entropy gathering device specified by # the securerandom.source property. If an exception occurs when# accessing the URL then the traditional system/thread activity # algorithm is used. # On Windows systems, the URL file:/dev/random enables use of the# Microsoft CryptoAPI seed functionality.#securerandom.source=file:/dev/random## The entropy gathering device is described as a URL and can # also be specified with the property "java.security.egd". For example,#   -Djava.security.egd=file:/dev/urandom# Specifying this property will override the securerandom.source setting.## Class to instantiate as the javax.security.auth.login.Configuration# provider.#login.configuration.provider=com.sun.security.auth.login.ConfigFile## Default login configuration file##login.config.url.1=file:${user.home}/.java.login.config## Class to instantiate as the system Policy. This is the name of the class# that will be used as the Policy object.#policy.provider=sun.security.provider.PolicyFile# The default is to have a single system-wide policy file,# and a policy file in the user's home directory.policy.url.1=file:${java.home}/lib/security/java.policypolicy.url.2=file:${user.home}/.java.policy# whether or not we expand properties in the policy file# if this is set to false, properties (${...}) will not be expanded in policy# files.policy.expandProperties=true# whether or not we allow an extra policy to be passed on the command line# with -Djava.security.policy=somefile. Comment out this line to disable# this feature.policy.allowSystemProperty=true# whether or not we look into the IdentityScope for trusted Identities# when encountering a 1.1 signed JAR file. If the identity is found# and is trusted, we grant it AllPermission.policy.ignoreIdentityScope=false## Default keystore type.#keystore.type=jks## Class to instantiate as the system scope:#system.scope=sun.security.provider.IdentityDatabase## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageAccess unless the# corresponding RuntimePermission ("accessClassInPackage."+package) has# been granted.package.access=sun.## List of comma-separated packages that start with or equal this string# will cause a security exception to be thrown when# passed to checkPackageDefinition unless the# corresponding RuntimePermission ("defineClassInPackage."+package) has# been granted.## by default, no packages are restricted for definition, and none of# the class loaders supplied with the JDK call checkPackageDefinition.##package.definition=## Determines whether this properties file can be appended to# or overridden on the command line via -Djava.security.properties#security.overridePropertiesFile=true## Determines the default key and trust manager factory algorithms for # the javax.net.ssl package.#ssl.KeyManagerFactory.algorithm=SunX509ssl.TrustManagerFactory.algorithm=SunX509## Determines the default SSLSocketFactory and SSLServerSocketFactory# provider implementations for the javax.net.ssl package.  If, due to# export and/or import regulations, the providers are not allowed to be# replaced, changing these values will produce non-functional# SocketFactory or ServerSocketFactory implementations.##ssl.SocketFactory.provider=#ssl.ServerSocketFactory.provider=## The Java-level namelookup cache policy for successful lookups:## any negative value: caching forever# any positive value: the number of seconds to cache an address for# zero: do not cache## default value is forever (FOREVER). For security reasons, this# caching is made forever when a security manager is set.## NOTE: setting this to anything other than the default value can have#       serious security implications. Do not set it unless #       you are sure you are not exposed to DNS spoofing attack.##networkaddress.cache.ttl=-1 # The Java-level namelookup cache policy for failed lookups:## any negative value: cache forever# any positive value: the number of seconds to cache negative lookup results# zero: do not cache## In some Microsoft Windows networking environments that employ# the WINS name service in addition to DNS, name service lookups# that fail may take a noticeably long time to return (approx. 5 seconds).# For this reason the default caching policy is to maintain these# results for 10 seconds. ##networkaddress.cache.negative.ttl=10