It's pretty easy to upgrade to the JCE extension with unlimited
strength (just two jars to replace): really easy on my workstation,
certainly not so easy for ops on production servers.

While it's technically straightforward with access to the unlimited
strength policy files, the legality and availability of the policies in
terms of an international audience is uncertain.

That said, can't we just use 128-bit AES instead?

I'm comfortable with that as a short-term fix, but it would be
preferable to allow the deployer to configure all aspects of the
encryption scheme.

M
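
The trade-off discussed in this message, as an added example that is not part of the original thread or of the CAS code base: a start-up check that takes a deployer-configured AES key size, compares it with what the installed JCE policy files allow, and fails fast with a clear message rather than at first use. The system property name `example.cipher.keyBits` and the class name are hypothetical, and AES/GCM (Java 7 or later) is an assumption, since the thread does not name a cipher mode.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class ConfigurableCipherCheck {

    /** Returns the requested key size, or throws if the installed JCE policy forbids it. */
    static int resolveKeyBits(String algorithm, int requestedBits) throws GeneralSecurityException {
        // Integer.MAX_VALUE when the unlimited strength policy files are installed.
        int maxBits = Cipher.getMaxAllowedKeyLength(algorithm);
        if (requestedBits > maxBits) {
            throw new GeneralSecurityException(algorithm + " key size " + requestedBits
                    + " exceeds the JCE policy limit of " + maxBits
                    + " bits; install the unlimited strength policy files or configure a smaller key");
        }
        return requestedBits;
    }

    /** Encrypts and decrypts with a fresh key of the given size; returns the recovered plaintext. */
    static byte[] roundTrip(int keyBits, byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(keyBits);
        SecretKey key = generator.generateKey();
        byte[] iv = new byte[12];                 // 96-bit nonce, never reused with the same key
        new SecureRandom().nextBytes(iv);
        Cipher encryptor = Cipher.getInstance("AES/GCM/NoPadding");
        encryptor.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ciphertext = encryptor.doFinal(plaintext);
        Cipher decryptor = Cipher.getInstance("AES/GCM/NoPadding");
        decryptor.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return decryptor.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical deployer setting; defaults to the 128-bit size proposed in the thread.
        int requested = Integer.getInteger("example.cipher.keyBits", 128);
        int keyBits = resolveKeyBits("AES", requested);
        byte[] sample = "constructed sample ticket data".getBytes(StandardCharsets.UTF_8);
        boolean ok = Arrays.equals(sample, roundTrip(keyBits, sample));
        System.out.println("AES-" + keyBits + " round trip ok: " + ok);
    }
}
```

Running with `-Dexample.cipher.keyBits=256` on a JVM that still has the default restricted policy files makes `resolveKeyBits` throw at start-up instead of surfacing later as an `InvalidKeyException`.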
