FYI on latest Oracle Java release (152) and unlimited strength crypto
Michael A Grady
mgrady at unicon.net
Mon Oct 30 16:57:09 EDT 2017
FYI: I just noticed, after downloading the Oracle Java Windows Server JRE (JDK 8u152) that there is now a policy/ directory in jre/lib/security, with two subdirectories within it: limited/ and unlimited/. The unlimited/ subdir has the unlimited strength policy files as you would expect. There are no policy jars, by default, in the jre/lib/security directory at all, they are all in those policy/ subdirs.
This is noted in the Oracle release notes for this distribution:
http://www.oracle.com/technetwork/java/javase/8all-relnotes-2226344.html#R180_152
So you now have several options for unlimited strength policy.
- you can still copy the unlimited strength policy jars into jre/lib/security, and Java will default to looking there and using them if it finds such. If it doesn't, it defaults to using the jars in policy/limited.
- or there is now a file jre/lib/security/java.security with a commented out property, near the end of the file:
#crypto.policy=unlimited
so you can uncomment that, and get the policy/unlimited jars used.
- you can supply a pointer to an additional security property file that will be read after the default one (and take precedence over the default one for any properties set in both), so you could set that property in an alternate file, and include a command line argument for servlet engine startup:
-Djava.security.properties=<URL>
to reference it.
--
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users
mailing list