How to change Java security properties

Java security settings can be customized by overriding the default security properties. This is useful when enabling legacy protocols (e.g., TLS 1.0), modifying cryptographic algorithms, or adjusting security policies.

Warning: Re-enabling deprecated security features (e.g., TLS 1.0, weak ciphers) exposes your system to known vulnerabilities. Only do this if required for compatibility with legacy systems, and consider upgrading your security infrastructure instead.

1. Create a new file, e.g., java_custom.secure.properties, to override default security settings.

2. Modify the required security properties. For example, to enable TLS 1.0 (which is disabled by default), remove TLSv1 from jdk.tls.disabledAlgorithms value:

   • Default setting (TLS 1.0 is disabled):

   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
   MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
   ECDH
   

   • Updated setting (TLS 1.0 is enabled):

   jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, DTLSv1.0, RC4, DES, \
   MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
   ECDH
   

   You can modify other properties in the same way.

3. Map the file in the container.

   Ensure the custom file is accessible inside the container where Java runs. In a Dockerized environment, map it to a known location.

   Update your docker-compose.yml file with the following lines to place the file inside the cloudbeaver-te container:

   volumes:
     - ./java_custom.secure.properties:/location//java.secure.properties
   environment:
     - JAVA_OPTS="-Djava.security.properties=/location/with/java.secure.properties"
   

4. Restart the Team Edition to apply the changes.