This is an automated email from the ASF dual-hosted git repository.
yhu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new 2ea1045bf57 Add boilerplate Java21 security properties support to sdk
containers (#26798)
2ea1045bf57 is described below
commit 2ea1045bf57ae9a0c808ae6cd120983b07732c01
Author: Charles Rothrock <[email protected]>
AuthorDate: Wed Jun 28 15:12:04 2023 -0400
Add boilerplate Java21 security properties support to sdk containers
(#26798)
---
.../container/java21/java21-security.properties | 48 ++++++++++++++++++++++
.../container/java21/option-java21-security.json | 9 ++++
2 files changed, 57 insertions(+)
diff --git a/sdks/java/container/java21/java21-security.properties
b/sdks/java/container/java21/java21-security.properties
new file mode 100644
index 00000000000..390cba51018
--- /dev/null
+++ b/sdks/java/container/java21/java21-security.properties
@@ -0,0 +1,48 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Java 21 java.security properties file override for JVM
+# base properties derived from:
+# openjdk version "21-ea" 2023-09-19
+# OpenJDK Runtime Environment (build 21-ea+23-1988)
+# OpenJDK 64-Bit Server VM (build 21-ea+23-1988, mixed mode, sharing)
+
+# Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
+# legacy algorithms list to allow it to be used if something better is not
+# available (e.g. TLSv1.2). This will prevent breakages for existing users
+# (for example JDBC with MySQL). See
+# https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
+# for additional details.
+jdk.tls.disabledAlgorithms=SSLv3, DTLSv1.0, RC4, DES, \
+ MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL,
\
+ ECDH
+
+# The raw value from 21-ea for legacyAlgorithms is
+# NULL, anon, RC4, DES, 3DES_EDE_CBC
+# Because these values are in disabledAlgorithms, it is erroneous to include
+# them in legacy (they are disabled in Java 8, 11, and 17 as well). Here we
+# only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
+jdk.tls.legacyAlgorithms=TLSv1, TLSv1.1
+
+# /dev/random blocks in virtualized environments due to lack of
+# good entropy sources, which makes SecureRandom use impractical.
+# In particular, that affects the performance of HTTPS that relies
+# on SecureRandom.
+#
+# Due to that, /dev/urandom is used as the default.
+#
+# See http://www.2uo.de/myths-about-urandom/ for some background
+# on security of /dev/urandom on Linux.
+securerandom.source=file:/dev/./urandom
\ No newline at end of file
diff --git a/sdks/java/container/java21/option-java21-security.json
b/sdks/java/container/java21/option-java21-security.json
new file mode 100644
index 00000000000..2844fa7e0a5
--- /dev/null
+++ b/sdks/java/container/java21/option-java21-security.json
@@ -0,0 +1,9 @@
+{
+ "name": "java-security",
+ "enabled": true,
+ "options": {
+ "properties": {
+ "java.security.properties":
"/opt/apache/beam/options/java21-security.properties"
+ }
+ }
+}
