I am trying to disable TLS 1 and 1.1 in my docker instances along with disabling several algorithms for security purposes. However, I am trying to figure out how to add the below two properties to the /java/security folder of an alpine OPENJDK docker image?
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, TLSv1, DESede, DES, MD5, TLSv1.1, DH keySize < 2048
Above are the two properties I would normally add to my JAVA_HOME/java/security properties file to disable the algorithms and TLS versions through a non-dockerized approach. But how would I pass this to the Alpine OPENJDK container I am deploying my Java app in?
Add it to the Dockerfile like so:
FROM openjdk:8-jre-alpine
ADD path/to/project/java.security ${JAVA_HOME}/lib/security/
I had a project where the database was an old SQL Server which used TLS1.0 and in Java 17 it is disabled by default since it's no longer considered safe. I modified the java.security file on my machine to accept TLS1.0 and then pulled the openjdk:17 image to create a docker container with the same version of Java (or at least a compatible one). My Dockerfile looks like this:
FROM openjdk:17
WORKDIR /
ADD backend.jar backend.jar
ADD java.security usr/java/openjdk-17/conf/security/
EXPOSE 8080
CMD java -jar backend.jar
I took the modified java.security file that accepted TLS1.0 and overrode the one in the container. After that, this was shown in the console: "TLSv1 was negotiated. Please update server and client to use TLSv1.2 at minimum.", which means that the connection was done and the application started successfully.
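Added example, not part of either answer above: a shell check that can run in a Dockerfile RUN step after the ADD, to confirm that the java.security file copied into the image still disables the entries listed in the question. The function names and the script name in the usage comment are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check that a java.security file disables the required entries.

# prop_value FILE KEY: print KEY's effective value. Skips '#'/'!' comments,
# joins backslash line continuations, and lets the last assignment win.
prop_value() {
    awk -v key="$2" '
    {
        sub(/\r$/, ""); sub(/^[ \t]+/, "")
        if (cont) { line = line $0 }
        else { if ($0 == "" || $0 ~ /^[#!]/) next; line = $0 }
        if (line ~ /\\$/) { sub(/\\$/, "", line); cont = 1; next }
        cont = 0
        eq = index(line, "=")
        if (eq == 0) next
        k = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", k)
        if (k == key) { val = substr(line, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    }
    END { print val }' "$1"
}

# missing_disabled FILE KEY ENTRY...: print each ENTRY absent from KEY's
# comma-separated list; return 1 if any is missing. Entries are compared
# whole, so "TLSv1.1" does not satisfy "TLSv1" and "DESede" does not satisfy "DES".
missing_disabled() {
    file=$1; key=$2; shift 2
    have=$(prop_value "$file" "$key" | tr ',' '\n' |
           sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    rc=0
    for want in "$@"; do
        printf '%s\n' "$have" | grep -Fxq -- "$want" || { echo "$want"; rc=1; }
    done
    return "$rc"
}

# Dockerfile usage (script name check-security.sh is an assumption):
#   RUN sh check-security.sh "$JAVA_HOME/lib/security/java.security" \
#         jdk.tls.disabledAlgorithms SSLv3 TLSv1 TLSv1.1
if [ "$#" -ge 3 ]; then
    missing_disabled "$@"
fi
```

A non-zero exit fails the image build, so a java.security file that drops TLSv1 or TLSv1.1 from the disabled list is caught before the container is deployed.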