SLOTH security vulnerability CVE-2015-7575
A potential security vulnerability exists in the MD5 algorithm, which is used in Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Use of the MD5 algorithm is therefore disabled by default in the SDK.
The jdk.certpath.disabledAlgorithms
property value includes MD5
by default.
The jdk.tls.disabledAlgorithms
property value includes
MD5wthRSA
by default.
For more information about these security properties, see Disabled and restricted cryptographic algorithms. For more information about the SLOTH security vulnerability, see https://www.mitls.org/pages/attacks/SLOTH.