@@ -33,13 +33,8 @@ TLS v1.2 is supported on all {es} <<jvm-version,compatible JDKs>>.
3333It is enabled by default on all JDKs that are supported by {es}, including the bundled JDK.
3434
3535`TLSv1.3`::
36- TLS v1.3 is supported on JDK11 and later, and JDK8 builds newer than 8u261
37- (including the most recent release of each JDK8 distribution that {es} supports).
38- TLS v1.3 is supported and enabled by default on the JDK that is bundled with {es}.
39- +
40- NOTE: Although {es} supports running on older JDK8 builds without TLS v1.3,
41- we recommend upgrading to a JDK version that includes TLS v1.3 for better
42- support and updates.
36+ TLS v1.3 is supported on all {es} <<jvm-version,compatible JDKs>>.
37+ It is enabled by default on all JDKs that are supported by {es}, including the bundled JDK.
4338
4439[[jdk-enable-tls-protocol]]
4540==== Enabling additional SSL/TLS versions on your JDK
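Review bot: Dropping the 8u261 caveat at new lines 36-37 is only correct if the `<<jvm-version,compatible JDKs>>` target no longer lists any JDK8 build, so please confirm that for every branch this is backported to. The `TLSv1.3` entry is now word-for-word the `TLSv1.2` entry apart from the version number. If both statements always hold together, consider a single sentence covering both protocols so the two entries cannot drift apart later.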
@@ -67,13 +62,6 @@ the {es} home directory (`$ES_HOME`):
6762* Windows: `$ES_HOME/jdk/conf/security/java.security`
6863* macOS:`$ES_HOME/jdk.app/Contents/Home/conf/security/java.security`
6964
70- For **JDK8**, the configuration file is within the `jre/lib/security` directory
71- of the Java installation.
72- If `$JAVA_HOME` points to the home directory of the JDK that you use to run {es},
73- then the configuration file will be in:
74-
75- * `$JAVA_HOME/jre/lib/security/java.security`
76-
7765For **JDK11 or later**, the configuration file is within the `conf/security`
7866directory of the Java installation.
7967If `$JAVA_HOME` points to the home directory of the JDK that you use to run
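Review bot: With the JDK8 paragraph removed, the "For **JDK11 or later**" qualifier on the remaining paragraph (new line 65) has nothing left to contrast with and suggests that another case exists. Suggest rewording it to start at "The configuration file is within the `conf/security` directory of the Java installation." While here, the macOS bullet at new line 63 lacks the space after the colon that the Windows bullet has.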
@@ -88,11 +76,12 @@ Within the JDK configuration file is a line that starts with
8876This setting controls which protocols and algorithms are _disabled_ in your JDK.
8977The value of that setting will typically span multiple lines.
9078
91- For example, in OpenJDK 16 the setting is:
79+ For example, in OpenJDK 21 the setting is:
9280[source,text]
9381--------------------------------------------------
94- jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
95- DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
82+ jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
83+ MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
84+ ECDH
9685--------------------------------------------------
9786
9887Create a new file in your in your {es} configuration directory named `es.java.security`.
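Review bot: The context line at new line 87 still reads "Create a new file in your in your {es} configuration directory". This change touches the paragraph directly above it, so the duplicated "in your" could be fixed in the same commit. On the example at new lines 82-84, the value gains `DTLSv1.0` and `ECDH` compared with the OpenJDK 16 one, and the text does not say that the list varies by JDK version. A sentence telling readers to take the value from their own JDK's `java.security` file would stop this example from going stale at the next JDK bump.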
@@ -105,15 +94,16 @@ Edit the `es.java.security` file in your {es} configuration directory, and
10594modify the `jdk.tls.disabledAlgorithms` setting so that any SSL or TLS versions
10695that you wish to use are no longer listed.
10796
108- For example, to enable TLSv1.1 on OpenJDK 16 (which uses the
97+ For example, to enable TLSv1.1 on OpenJDK 21 (which uses the
10998`jdk.tls.disabledAlgorithms` settings shown previously), the
11099`es.java.security` file would contain the previously disabled TLS algorithms
111100_except_ `TLSv1.1`:
112101
113102[source,text]
114103--------------------------------------------------
115- jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
116- DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
104+ jdk.tls.disabledAlgorithms=SSLv3, TLSv1, DTLSv1.0, RC4, DES, \
105+ MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
106+ ECDH
117107--------------------------------------------------
118108
119109===== Enable your custom security configuration
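Review bot: The `es.java.security` example at new lines 104-106 is a complete value copied from the OpenJDK 21 default, and the prose above it does not warn against pasting it unchanged on a different JDK. A reader who does so ends up with this list in place of their own JDK's default, which may be missing entries their JDK disables. Suggest saying explicitly that the starting point is the `jdk.tls.disabledAlgorithms` value from the JDK that runs {es}, with only the protocol being enabled (`TLSv1.1` here) deleted and every other entry left in place.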