java.security still talks about "limited" as default
Bradford Wetmore
bradford.wetmore at oracle.com
Mon Nov 13 20:13:15 UTC 2017
This was fixed in:
https://bugs.openjdk.java.net/browse/JDK-8186093
Sadly, it was noticed too late in JDK 9/9.0.1 to fix for GA of those
releases.
Brad
On 11/13/2017 9:19 AM, Bernd wrote:
> Hello,
>
> in the OpenJDK 9.0.1 java.security file is the crypto.policy=unlimited set.
>
> However the boilerplate text above still speaks of "limited" as a default:
>
> # Due to the import control restrictions of some countries, the default
> # JCE policy files allow for strong but "limited" cryptographic key
> # lengths to be used. If your country's cryptographic regulations allow,
> # the "unlimited" strength policy files can be used instead, which contain
> # no restrictions on cryptographic strengths.
>
> I guess this needs to be adjusted.
>
> BTW: does anybody know examples of where limited would be needed?
>
> Gruss
> Bernd
More information about the security-dev
mailing list