fi
fi
+ # Add default security file option
+ if [ "x$ODL_JAVA_SECURITY_PROPERTIES" != "x" ]; then
+ DEFAULT_JAVA_OPTS="-Djava.security.properties="${ODL_JAVA_SECURITY_PROPERTIES}" $DEFAULT_JAVA_OPTS"
+ else
+ DEFAULT_JAVA_OPTS="-Djava.security.properties="${KARAF_ETC}/odl.java.security" $DEFAULT_JAVA_OPTS"
+ fi
+
# Add the jars in the lib dir
for file in "$KARAF_HOME"/lib/*.jar
do
)\r
\r
set DEFAULT_JAVA_OPTS=\r
+if not "%ODL_JAVA_SECURITY_PROPERTIES%" == "" (\r
+ set DEFAULT_JAVA_OPTS=-Djava.security.properties="%ODL_JAVA_SECURITY_PROPERTIES%" %DEFAULT_JAVA_OPTS%\r
+) else (\r
+ set DEFAULT_JAVA_OPTS=-Djava.security.properties="%KARAF_ETC%\odl.java.security" %DEFAULT_JAVA_OPTS%\r
+)\r
+\r
set DEFAULT_JAVA_DEBUG_OPTS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005\r
\r
rem Support for loading native libraries\r
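Review bot: The added test `if not "%ODL_JAVA_SECURITY_PROPERTIES%" == "" (` misparses when the variable's value itself contains double quotes, which is a common way to set paths with spaces on Windows. `if defined ODL_JAVA_SECURITY_PROPERTIES (` checks the same condition without expanding the value. The following `set` line wraps the value in quotes again, so a pre-quoted path would put doubled quotes into the `-Djava.security.properties` argument. The identical block in the other .bat hunk, after the `set DEFAULT_JAVA_OPTS=%JAVA_MODE% ...` line, has the same issue. If the test is kept as written, a `rem ODL_JAVA_SECURITY_PROPERTIES must be an unquoted path` line above it would document the constraint.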
fi
fi
+ # Add default security file option
+ if [ "x$ODL_JAVA_SECURITY_PROPERTIES" != "x" ]; then
+ DEFAULT_JAVA_OPTS="-Djava.security.properties="${ODL_JAVA_SECURITY_PROPERTIES}" $DEFAULT_JAVA_OPTS"
+ else
+ DEFAULT_JAVA_OPTS="-Djava.security.properties="${KARAF_ETC}/odl.java.security" $DEFAULT_JAVA_OPTS"
+ fi
+
# Add the jars in the lib dir
for file in "$KARAF_HOME"/lib/karaf*.jar
do
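Review bot: The inner double quotes on the two added `DEFAULT_JAVA_OPTS=` lines close and reopen the string instead of quoting the path, so the stored value carries no quotes. A properties path containing spaces would then split if `$DEFAULT_JAVA_OPTS` is later expanded unquoted; the expansion site is outside this hunk, so that part is inferred. Writing `DEFAULT_JAVA_OPTS="-Djava.security.properties=${ODL_JAVA_SECURITY_PROPERTIES} $DEFAULT_JAVA_OPTS"` yields the same value without implying protection that is not there. Separately, the JVM does not refuse to start when the file named by `-Djava.security.properties` cannot be read, so a mistyped override or a missing `${KARAF_ETC}/odl.java.security` silently leaves the JRE defaults in force; a check such as `[ -r "$sec_props" ] || echo "WARNING: security properties file not readable: $sec_props" >&2` before the assignment would make that visible. Both points also apply to the identical addition in the other karaf script hunk earlier on this page.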
set JAVA_MODE=-client\r
)\r
)\r
+\r
set DEFAULT_JAVA_OPTS=%JAVA_MODE% -Xms%JAVA_MIN_MEM% -Xmx%JAVA_MAX_MEM% -Dderby.system.home="%KARAF_DATA%\derby" -Dderby.storage.fileSyncTransactionLog=true -Dcom.sun.management.jmxremote -XX:+UnlockDiagnosticVMOptions -XX:+UnsyncloadClass\r
\r
+if not "%ODL_JAVA_SECURITY_PROPERTIES%" == "" (\r
+ set DEFAULT_JAVA_OPTS=-Djava.security.properties="%ODL_JAVA_SECURITY_PROPERTIES%" %DEFAULT_JAVA_OPTS%\r
+) else (\r
+ set DEFAULT_JAVA_OPTS=-Djava.security.properties="%KARAF_ETC%\odl.java.security" %DEFAULT_JAVA_OPTS%\r
+)\r
+\r
rem Check some easily accessible MIN/MAX params for JVM mem usage\r
if not "%JAVA_PERM_MEM%" == "" (\r
set DEFAULT_JAVA_OPTS=%DEFAULT_JAVA_OPTS% -XX:PermSize=%JAVA_PERM_MEM%\r
--- /dev/null
+# Custom java.security config file for odl. This file augmnets the defult java.security config file provided by the JRE itself
+# Documentation: https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgorithms
+# Additional information can also be found in the default java.security file: JAVA_HOME/jre/lib/security/java.security
+
+# Disable weak ciphers and ciphers vulnerable to the Logjam exploit, more information can be found here https://bugs.opendaylight.org/show_bug.cgi?id=3552
+jdk.tls.disabledAlgorithms=EXPORT, RC4, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, anon
\ No newline at end of file
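Review bot: The `jdk.tls.disabledAlgorithms=` line replaces the JRE's own value for that key rather than adding to it, so anything the installed JRE already disables there (for example `SSLv3` on JREs that ship it in the default list) is re-enabled unless it is repeated here. The comment cites Logjam, but the list contains no Diffie-Hellman key-size constraint, so non-export DHE suites with small groups are not covered; consider appending `SSLv3, DH keySize < 1024` where the target JRE supports key-size constraints in this property. Whether bare tokens such as `EXPORT` and full cipher-suite names are honoured depends on the JRE version, so the resulting enabled suite list should be checked on the supported JREs. A comment line such as `# NOTE: this value overrides, not extends, the JRE default list for this key` would help the next editor, and the header comment has typos ("augmnets the defult" should read "augments the default").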