Java: how to configure TLS connections to protect them from the FREAK attack (CVE-2015-0204)?
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, released under the CC BY-SA 4.0 license. If you use it you must comply with the same CC BY-SA license, cite the original URL and author information, and attribute it to the original author (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/28874311/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverFlow
How to configure TLS connections to protect them from the FREAK attack (CVE-2015-0204)?
Asked by Gustave
For the vulnerability see https://freakattack.com/.
Mozilla wiki has a page with recommendations for ciphersuites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
How would I apply those or similar recommendations in the Java context (SSLContext, provider configuration, Tomcat connectors etc.)?
Accepted answer by wdk
From Java 7 onwards cipher suites can be excluded from use via a security policy file called java.security that is located in the lib/security directory of the Java Runtime Environment.
The policy file defines the jdk.tls.disabledAlgorithms property to control TLS cipher selection. There is also a complementary property jdk.certpath.disabledAlgorithms to control algorithms encountered in SSL certificates. You can find the documentation for this property on the Oracle website: JSSE Reference Guide
By default, as of Java 7 the following policy applies:
jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
This means: no MD5, no SHA1, no DSA. RSA is allowed only if the key is at least 2048 bits long. You can use this property to further tailor a site deployment to specific needs. All the cipher suites enabled by default in Java are found here, under section Ciphers (unless the default SunJSSE crypto provider has been explicitly overridden and is not used).
As you can see, all EXPORT cipher suites are disabled by default, so there is no need to configure anything for the FREAK attack.
Edit, because of Houtman's comment above on the question:
About POODLE: you have to think about this in both Java 7 and 8, because the SSLv3 protocol has only been disabled by default from JDK 8u31 (see section Protocols here).
Answered by Bellesarius
Add these to your SSL connector
server="Unspecified"
xpoweredBy="false"
secure="true"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
Answered by MSC
You can enable a list of cipher suites you want to use; refer to the setEnabledCipherSuites method in the SSLSocket API, and you can exclude EXPORT cipher suites from this list.
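The following is an added example (not code from the question or from any of the answers) that ties wdk's java.security policy and MSC's setEnabledCipherSuites advice together: it reads the jdk.tls.disabledAlgorithms policy the runtime is actually using, then applies a stricter allow-list on a JSSE server socket so that EXPORT, NULL, anonymous and legacy suites, and the SSLv3 protocol, can never be negotiated regardless of the policy file. The class name, the DENY pattern and the forward-secrecy-only filter are this example's own assumptions; the SSLContext is initialised without key material, so it is only usable for inspecting and setting parameters, not for a real handshake.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Added example: a defensive cipher-suite and protocol filter for a JSSE server socket. */
public class TlsHardening {

    // Suites that must never be negotiated: export-grade (FREAK), no encryption, anonymous
    // key exchange and legacy ciphers. This pattern is an illustrative assumption; extend per policy.
    private static final Pattern DENY = Pattern.compile(
        "EXPORT|_NULL_|_anon_|RC4|_DES_|3DES|MD5", Pattern.CASE_INSENSITIVE);

    /** Keep only forward-secret suites that pass the deny list, listing AEAD (GCM) suites first. */
    static List<String> hardenedSuites(String[] supported) {
        return Arrays.stream(supported)
            .filter(s -> !DENY.matcher(s).find())
            .filter(s -> s.startsWith("TLS_ECDHE_") || s.startsWith("TLS_DHE_"))
            .sorted((a, b) -> Boolean.compare(b.contains("_GCM_"), a.contains("_GCM_")))
            .collect(Collectors.toList());
    }

    /** Keep only TLSv1.x from the runtime's supported list, dropping SSLv3 (POODLE) and SSLv2Hello. */
    static String[] hardenedProtocols(String[] supported) {
        return Arrays.stream(supported)
            .filter(p -> p.startsWith("TLSv1"))
            .toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        // The policy from java.security is visible here (and settable via Security.setProperty,
        // but only before JSSE is first initialised in this JVM).
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // assumption: no key material; a real server supplies a KeyManager
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(0)) {
            List<String> suites = hardenedSuites(server.getSupportedCipherSuites());
            server.setEnabledCipherSuites(suites.toArray(new String[0]));
            server.setEnabledProtocols(hardenedProtocols(server.getSupportedProtocols()));
            System.out.println("enabled protocols: " + Arrays.toString(server.getEnabledProtocols()));
            suites.forEach(s -> System.out.println("enabled suite:     " + s));
        }
    }
}
```

The same filtering applies unchanged to a client-side SSLSocket, and the printed lists are what to compare against the Mozilla recommendations linked in the question.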