Legacy algorithms

In some environments, an algorithm might be undesirable but cannot be disabled because legacy applications still use it. Legacy algorithms might still be supported, but applications should not use them because their security strength is usually insufficient. During negotiation of TLS security parameters, legacy algorithms are not negotiated unless there are no other candidates. The security property jdk.tls.legacyAlgorithms specifies which algorithms the SDK considers to be legacy algorithms. See the <install_dir>/jre/lib/security/java.security file for the syntax of this security property.

Notes:
  • If a legacy algorithm is also restricted through the jdk.tls.disabledAlgorithms property or the java.security.AlgorithmConstraints API (see the method javax.net.ssl.SSLParameters.setAlgorithmConstraints), then the algorithm is completely disabled and will not be negotiated.
  • If your application uses an algorithm that is specified in the security property jdk.tls.legacyAlgorithms, use an alternative algorithm as soon as possible; a future SDK release might specify a legacy algorithm as a restricted algorithm.
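
The first note can be applied deliberately in a process that has no legacy peers. The following Java program is an added example, not part of the SDK documentation: it appends every entry of jdk.tls.legacyAlgorithms to jdk.tls.disabledAlgorithms so that those algorithms are never negotiated. The class and method names are hypothetical, and the program assumes that entries valid in one property are accepted in the other and that it runs before any JSSE class has read the properties.

```java
import java.security.Security;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical helper class (added example, not SDK code).
public class DisableLegacyTls {
    static final String LEGACY = "jdk.tls.legacyAlgorithms";
    static final String DISABLED = "jdk.tls.disabledAlgorithms";

    // Split a comma-separated security property into trimmed, non-empty entries.
    static Set<String> entries(String property) {
        Set<String> out = new LinkedHashSet<>();
        String value = Security.getProperty(property);
        if (value != null) {
            for (String entry : value.split(",")) {
                String trimmed = entry.trim();
                if (!trimmed.isEmpty()) {
                    out.add(trimmed);
                }
            }
        }
        return out;
    }

    // Add every legacy entry to the disabled list and return the merged value.
    // Existing disabled entries are kept, and duplicates are dropped.
    static String promoteLegacyToDisabled() {
        Set<String> merged = entries(DISABLED);
        merged.addAll(entries(LEGACY));
        String value = String.join(", ", merged);
        Security.setProperty(DISABLED, value);
        return value;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("legacy   : " + entries(LEGACY));
        // Assumption: the change only takes effect if made before JSSE initialises.
        System.out.println("disabled : " + promoteLegacyToDisabled());

        // List the cipher suites that remain enabled by default after the change.
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();
        for (String suite : params.getCipherSuites()) {
            System.out.println("enabled  : " + suite);
        }
    }
}
```

Run it first against a test endpoint: any peer that could only negotiate a legacy algorithm will fail its handshake once the entries are disabled.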