Java 9 - Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
Vincent Ryan
vincent.x.ryan at oracle.com
Wed Oct 5 10:22:53 UTC 2016
JDK-8061842 <https://bugs.openjdk.java.net/browse/JDK-8061842> has added improvements in JDK 9 to simplify the management of crypto strength.
See README.txt <http://hg.openjdk.java.net/jdk9/dev/jdk/file/f82971b324f6/src/java.base/share/conf/security/policy/README.txt> for details.
Adding, 'Security.setProperty(“crypto.policy”, “unlimited”);' or editing the java.security configuration file
will enable unlimited strength.
> On 5 Oct 2016, at 09:06, Jeroen Cranendonk <j.p.cranendonk at gmail.com> wrote:
>
> Hi!
>
> The bane of my existance for the last decade or so has been dealing
> with errors because the Java Unlimited Strength Jurisdiction Policy
> Files have not been installed, and finding ways of getting them
> installed.
>
> I was wondering what the state of this is for Java 9?
>
> I can't find any Java 9 policy files for the current ea builds of Java 9.
> But I also can't find any mention of them no longer being required.
> Worryingly, the old test for whether they're installled, based on AES
> max cipher length, still gives me 128 (code pasted after this mail),
> which suggests they are still needed.
>
> It seems that the requirement for having unlimited strength
> jurisdiction policy files has been dropped a long long time ago, but
> noone ever got around to actually implementing the change:
> https://bugs.openjdk.java.net/browse/JDK-7024850
>
> I was hoping with Java 9 this would finalyl be solved :)
>
> Test:
> import javax.crypto.Cipher;
> class Test {
> public static void main(String[] args) {
> try {
> System.out.println("Hello World!");
> int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
> System.out.println(maxKeyLen);
> } catch (Exception e){
> System.out.println("Sad world :(");
> }
> }
> }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20161005/3f24c7eb/attachment.htm>
More information about the security-dev
mailing list