FYI on latest Oracle Java release (152) and unlimited strength crypto

Michael A Grady mgrady at
Mon Oct 30 16:57:09 EDT 2017

FYI:  I just noticed, after downloading the Oracle Java Windows Server JRE (JDK 8u152) that there is now a policy/ directory in jre/lib/security, with two subdirectories within it: limited/ and unlimited/. The unlimited/ subdir has the unlimited strength policy files as you would expect. There are no policy jars, by default, in the jre/lib/security directory at all, they are all in those policy/ subdirs.

This is noted in the Oracle release notes for this distribution:

So you now have several options for unlimited strength policy. 

 - you can still copy the unlimited strength policy jars into jre/lib/security, and Java will default to looking there and using them if it finds such. If it doesn't, it defaults to using the jars in policy/limited. 

 - or there is now a file jre/lib/security/ with a commented out property, near the end of the file:


  so you can uncomment that, and get the policy/unlimited jars used.

 - you can supply a pointer to an additional security property file that will be read after the default one (and take precedence over the default one for any properties set in both), so you could set that property in an alternate file, and include a command line argument for servlet engine startup:<URL>

 to reference it.

Michael A. Grady
IAM Architect, Unicon, Inc.

More information about the users mailing list