Hello Tim, not quite. If you read carefully, that paragraph addresses "import restrictions", not "export restrictions". It does not say that the 1.4.2 code does not have crypto limitations as a result of the US export regulations. "No restrictions" in the policy files means "full strength" of the implementation. If the implementation is crippled, that won't help you.
cheers, Roland Tim Wild <[EMAIL PROTECTED]> 21.06.2004 07:23 Please respond to "Commons HttpClient Project" To Commons HttpClient Project <[EMAIL PROTECTED]> cc Subject Re: Invalid RSA modulus size Thanks Roland, I just re-read the documentation that comes with the Unlimited Strength Jurisdiction Policy Files, and it indicates that they do enable full strength crpytography based on the configuration file. I've included the applicable paragraph below. Does anyone else have thoughts on this? It works fine in JDK 1.5 but not 1.4, which would indicate to me that it's a bug rather than it being disabled. The exception i'm getting in JDK 1.4.2 is javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size Thanks Tim --- The JCE architecture allows flexible cryptographic strength to be configured via jurisdiction policy files. Due to the import restrictions of some countries, the jurisdiction policy files distributed with the J2SDK, v 1.4.2 software have built-in restrictions on available cryptographic strength. The jurisdiction policy files in this download bundle (the bundle including this README file) contain no restrictions on cryptographic strengths. This is appropriate for most countries. Framework vendors can create download bundles that include jurisdiction policy files that specify cryptographic restrictions appropriate for countries whose governments mandate restrictions. Users in those countries can download an appropriate bundle, and the JCE framework will enforce the specified restrictions. --- ----- Original Message ----- From: Roland Weber <[EMAIL PROTECTED]> Date: Monday, June 21, 2004 5:06 pm Subject: Re: Invalid RSA modulus size > Hello Tim, > > from what I know about the export regulations, shipping > working crypto code that is just disabled through some > configuration file is not acceptable. You will have to > obtain a full-strength JCE/JSSE implementation. Either > a US-only version of the JDK, or a non-US implementation > of the library which is not subject to US or other export > restrictions on cryptography. > > cheers, > Roland > > > > > Tim Wild <[EMAIL PROTECTED]> > 21.06.2004 05:19 > Please respond to > "Commons HttpClient Project" > > > To > Commons HttpClient Project <[EMAIL PROTECTED]> > cc > > Subject > Re: Invalid RSA modulus size > > > > > > > Does anyone know if the Unlimited Strength Jurisdiction Policy > Files are > meant to solve this problem, or is it actually a bug with the > JDK1.4? > The policy files don't help me at all on the JDK1.4. > > Thanks > > Tim > > Oleg Kalnichevski wrote: > > >Tim, > > > >This is believed to be a limitation of all Sun's JCE/JSSE > >implementations up to Java version 1.5. You can try testing your > >application with Java 1.5-b2 to see if the problem has indeed been > >fixed. Alternatively consider using IBM Java 1.4 or 3rd party > JCE/JSSE>implementations which _may_ not exhibit the same limitation > > > >HTH > > > >Oleg > > > >On Sat, 2004-06-12 at 05:36, Tim Wild wrote: > > > > > >>Hi, > >> > >>I'm using HttpClient to connect to an apache server that > requires > >>certificates. When I use client and server certificates from my > own CA > >>with 1024 bit keys it works perfectly. When I get a commercial > >>certificate with a longer key (4096 bits), I get the following > error > >>(full message below) when I connect to apache: > >> > >>javax.net.ssl.SSLProtocolException: java.io.IOException: subject > key, > >>Unknown key spec: Invalid RSA modulus size. > >> > >>Google produced one result, which talked about a maximum key > size using > >>the JCE of 2048 bits using the JDK 1.4.2 default policy files. > Another > >>site suggested getting the unrestricted policy files, so I got > and > >>installed them, but it doesn't seem to make any difference at all. > >> > >>Does anyone have any thought or suggestions? Half formed thoughs > or > >>ideas are welcome as it might give me a lead that I can follow > myself.>> > >>Thanks > >> > >>Tim Wild > >> > >>----------------------------------------------------------------- > ---- > >>To unsubscribe, e-mail: > [EMAIL PROTECTED] > >>For additional commands, e-mail: > [EMAIL PROTECTED] > >> > >> > >> > > > > > >------------------------------------------------------------------ > --- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > ------------------------------------------------------------------- > -- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > Attention: The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. Thank You. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
