Anyone using Oracle JDK 8u151 or later who installed the unlimited
strength policy jars, please report back on whether this method still works.
Kind regards,
Ben.
On 06/12/17 10:18, Ben Caradoc-Davies wrote:
Oracle JDK 8u151 introduces a new mechanism to enable unlimited strength
cryptography. For each new JDK installation, in
jre/lib/security/java.security uncomment the line:
#crypto.policy=unlimited
to read:
crypto.policy=unlimited
The old mechanism (installing policy jars) *should* still work:
http://docs.geoserver.org/latest/en/user/production/java.html#oracle-java
OpenJDK has unlimited strength cryptography by default and is not
affected by this change.
See:
http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
"New Features
security-libs/javax.crypto
New Security property to control crypto policy
This release introduces a new feature whereby the JCE jurisdiction
policy files used by the JDK can be controlled via a new Security
property. In older releases, JCE jurisdiction files had to be downloaded
and installed separately to allow unlimited cryptography to be used by
the JDK. The download and install steps are no longer necessary. To
enable unlimited cryptography, one can use the new crypto.policy
Security property. If the new Security property (crypto.policy) is set
in the java.security file, or has been set dynamically by using the
Security.setProperty() call before the JCE framework has been
initialized, that setting will be honored. By default, the property will
be undefined. If the property is undefined and the legacy JCE
jurisdiction files don't exist in the legacy lib/security directory,
then the default cryptographic level will remain at 'limited'. To
configure the JDK to use unlimited cryptography, set the crypto.policy
to a value of 'unlimited'. See the notes in the java.security file
shipping with this release for more information."
Kind regards,
--
Ben Caradoc-Davies <b...@transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users