> Check down under "Strong Versus Unlimited Strength." There's some issues
> with import controls. Note, the document is referring specifically to JDK
> 1.4, so I don't know if its the same for newer versions.
It applies to the 1.5 JRE and 1.6 JDK I just checked. For reference,
the following ciphers are supported by default:
// Some countries have import limits on crypto strength. This policy
file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
For the record, the first thing we do when provisioning a new JVM is
to download the unlimited strength policy files and apply them in
place of the defaults. I'm so accustomed to having 256-bit ciphers
available that it never dawned on me that the problem the OP had could
be related to cipher bit length. Joel, you might consider upgrading
to 256-bit AES on your Java clients instead of downgrading OpenLDAP to
128.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
