====== Java Security Tweaks ======

<note tip>If you are trying to use Java in a web browser, **use Internet Explorer as your browser as Firefox no longer supports the Java plugin** for security reasons.</note>

<note warning>For versions of Java newer than 6, be sure to add the target to the **Exception Site List** of trusted URLs using the **Java Control Panel applet**, under the **Security tab**.</note>

===== Algorithm constraints check failed: MD5withRSA =====

Newer versions of Java require an SSL key length of at least 1024, however older apps may not provide that long of a key.

  * Supermicro IPMI KVM

Here, we edit ''$JAVA_HOME/jre/lib/security/java.security'' to reduce the requirement to 512.

Change ''1024'' to ''512'', ''256'' or ''128'' as necessary to cover the SSL cert being presented:

<file>
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
</file>

to

<file>
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512

jdk.tls.disabledAlgorithms=SSLv3, RC4
</file>