java.security still talks about "limited" as default
Bernd
ecki at zusammenkunft.net
Mon Nov 13 17:19:14 UTC 2017
Hello,
in the OpenJDK 9.0.1 java.security file is the crypto.policy=unlimited set.
However the boilerplate text above still speaks of "limited" as a default:
# Due to the import control restrictions of some countries, the default
# JCE policy files allow for strong but "limited" cryptographic key
# lengths to be used. If your country's cryptographic regulations allow,
# the "unlimited" strength policy files can be used instead, which contain
# no restrictions on cryptographic strengths.
I guess this needs to be adjusted.
BTW: does anybody know examples of where limited would be needed?
Gruss
Bernd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20171113/e639c624/attachment.htm>
More information about the security-dev
mailing list