Java SSL server disable weak elliptic curves
So this is my Java SSL server code; ctx is the SSLContext initialized with the server keystore:

    public SSLEngine createSSLEngine() {
        SSLEngine sslEngine = ctx.createSSLEngine();
        String[] ciphersuites = new String[]{
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
        };
        sslEngine.setEnabledCipherSuites(ciphersuites);
        sslEngine.setUseClientMode(false);
        return sslEngine;
    }
I use cipherscan (https://github.com/jvehent/cipherscan). After testing with it, the cipher suite list looks good, but the server supports all possible elliptic curves (sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, prime192v1, secp224k1, secp256k1, prime256v1, secp384r1, secp521r1).
Is there a way to disable all curves except strong curves like secp384r1?
Solution
Starting with Java 8u121, you can configure the elliptic curves to be used.
Use a parameter when starting the VM of the program, namely:
-Djdk.tls.namedGroups="secp521r1,secp256r1,secp256k1"
Or, if you want a JDK/JRE-wide policy, change the Java Security file and add the attribute, namely:
-jdk.tls.namedGroups="secp521r1,secp256k1"
For reference, see: http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html, paragraph "Increase the default strength of EC in JDK".
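The same restriction applied from inside the server, as an added example that is not part of the answer above: it sets the `jdk.tls.namedGroups` system property before JSSE initializes (the property is read once, so it must precede the first SSLContext) and keeps the question's engine setup. The keystore path and password are assumed placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class RestrictedCurveServer {
    // Assumed placeholders; replace with the real server keystore and password.
    private static final String KEYSTORE = "server.jks";
    private static final char[] PASSWORD = "changeit".toCharArray();

    static {
        // JSSE reads jdk.tls.namedGroups once when the SunJSSE provider initializes
        // (JDK 8u121 or newer), so set it before any SSLContext exists. Leave an
        // explicit -Djdk.tls.namedGroups=... from the command line untouched.
        if (System.getProperty("jdk.tls.namedGroups") == null) {
            System.setProperty("jdk.tls.namedGroups", "secp384r1,secp521r1");
        }
    }

    private final SSLContext ctx;

    public RestrictedCurveServer() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(KEYSTORE)) {
            ks.load(in, PASSWORD);
        }
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASSWORD);
        ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), null, null);
    }

    public SSLEngine createSSLEngine() {
        SSLEngine sslEngine = ctx.createSSLEngine();
        sslEngine.setEnabledProtocols(new String[]{"TLSv1.2"});
        // ECDHE suites only; the curve used for the key exchange is now limited
        // to the named groups set above.
        sslEngine.setEnabledCipherSuites(new String[]{
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        });
        sslEngine.setUseClientMode(false);
        return sslEngine;
    }
}
```

Clients that only offer secp256r1 in their supported-groups extension will no longer complete an ECDHE handshake with this server, so re-run cipherscan after the change to confirm both the curve list and the clients you need still negotiate.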