Hello Tim, from what I know about the export regulations, shipping working crypto code that is just disabled through some configuration file is not acceptable. You will have to obtain a full-strength JCE/JSSE implementation. Either a US-only version of the JDK, or a non-US implementation of the library which is not subject to US or other export restrictions on cryptography.
cheers, Roland Tim Wild <[EMAIL PROTECTED]> 21.06.2004 05:19 Please respond to "Commons HttpClient Project" To Commons HttpClient Project <[EMAIL PROTECTED]> cc Subject Re: Invalid RSA modulus size Does anyone know if the Unlimited Strength Jurisdiction Policy Files are meant to solve this problem, or is it actually a bug with the JDK1.4? The policy files don't help me at all on the JDK1.4. Thanks Tim Oleg Kalnichevski wrote: >Tim, > >This is believed to be a limitation of all Sun's JCE/JSSE >implementations up to Java version 1.5. You can try testing your >application with Java 1.5-b2 to see if the problem has indeed been >fixed. Alternatively consider using IBM Java 1.4 or 3rd party JCE/JSSE >implementations which _may_ not exhibit the same limitation > >HTH > >Oleg > >On Sat, 2004-06-12 at 05:36, Tim Wild wrote: > > >>Hi, >> >>I'm using HttpClient to connect to an apache server that requires >>certificates. When I use client and server certificates from my own CA >>with 1024 bit keys it works perfectly. When I get a commercial >>certificate with a longer key (4096 bits), I get the following error >>(full message below) when I connect to apache: >> >>javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, >>Unknown key spec: Invalid RSA modulus size. >> >>Google produced one result, which talked about a maximum key size using >>the JCE of 2048 bits using the JDK 1.4.2 default policy files. Another >>site suggested getting the unrestricted policy files, so I got and >>installed them, but it doesn't seem to make any difference at all. >> >>Does anyone have any thought or suggestions? Half formed thoughs or >>ideas are welcome as it might give me a lead that I can follow myself. >> >>Thanks >> >>Tim Wild >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
