How to change Java security properties

Table of contents

• Overview
• Steps to override Java security properties

Overview

Java security settings can be customized by overriding the default security properties. This is useful when enabling legacy protocols (e.g., TLS 1.0), modifying cryptographic algorithms, or adjusting security policies.

Warning: Re-enabling deprecated security features (e.g., TLS 1.0, weak ciphers) exposes your system to known vulnerabilities. Only do this if required for compatibility with legacy systems, and consider upgrading your security infrastructure instead.

Steps to override Java security properties

1. Create a new file, e.g., java_custom.secure.properties, to override default security settings.

2. Modify the required security properties. For example, to enable TLS 1.0 (which is disabled by default), remove TLSv1 from jdk.tls.disabledAlgorithms value:

   • Default setting (TLS 1.0 is disabled):

   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
   MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
   ECDH

   • Updated setting (TLS 1.0 is enabled):

   jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, DTLSv1.0, RC4, DES, \
   MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
   ECDH

   You can modify other properties in the same way.

3. Map the file in the container.

   Ensure the custom file is accessible inside the container where Java runs. In a Dockerized environment, map it to a known location.

   Update your docker-compose.yml file with the following lines to place the file inside the cloudbeaver container:

   volumes:
     - ./java_custom.secure.properties:/location//java.secure.properties
   environment:
     - JAVA_OPTS="-Djava.security.properties=/location/with/java.secure.properties"

4. Restart the CloudBeaver to apply the changes.