The easiest way to get the latest versions of Java to use unlimited strength 
algorithms is to:

 Modify the file (within the Java directory):

      jre/lib/security/java.security

 change the commented out property, near the end of the file:

      #crypto.policy=unlimited

by simply removing the comment marker:

      crypto.policy=unlimited

> On Apr 10, 2018, at 8:58 AM, William E. <wre0...@uah.edu> wrote:
> 
> Has anyone run into a problem with the JCE files on newer JDKs?  It is my 
> understanding that jdk 1.8.161 and later includes the jce unlimited 
> cryptography libs by default, and command line testing seems to confirm this, 
> but CAS 5.2.3 fails with the following:
> 
> Caused by: java.lang.RuntimeException: Is JCE Unlimited Strength Jurisdiction 
> Policy installed? AES is an unknown, unsupported or unavailable enc algorithm 
> (not one of [A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, 
> A256GCM]).
> 
> CAS startup shows the correct JDK is being used and JCE is present:
> 
> CAS Version: 5.2.3
> CAS Commit Id: 14850a4ef16ef32ce6390f62fda566fdb8fa3948
> CAS Build Date/Time: 2018-03-07T20:08:12Z
> Spring Boot Version: 1.5.8.RELEASE
> ------------------------------------------------------------
> Java Home: /usr/java/jdk1.8.0_162/jre
> Java Vendor: Oracle Corporation
> Java Version: 1.8.0_162
> ..............
> JCE Installed: Yes
> ..............
> 
> 
> Command line testing shows it is enabled:
> 
> $ env | grep JAVA
> JAVA_HOME=/usr/java/jdk1.8.0_162
> 
> $ which jrunscript
> /usr/java/jdk1.8.0_162/bin/jrunscript
> 
> $ jrunscript -e "print (javax.crypto.Cipher.getMaxAllowedKeyLength('AES') >= 256)"
> true
> 
> 
> I am at a loss...
> 
> Anyone have ideas??
> 
> Out of desperation I downloaded the jce files from oracle and put them in the 
> usual place (/jre/lib/security) and restarted tomcat but still same error.  
> Using openjdk 8 which should also include the jce unlimited jars also gives 
> the same cas error.
> 
> Thanks,
> William
> 
> 
> 
> 
> --
> - Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
> - Gitter Chatroom: https://gitter.im/apereo/cas <https://gitter.im/apereo/cas>
> - List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
> - Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org 
> <mailto:cas-user+unsubscr...@apereo.org>.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.org
>  
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.org?utm_medium=email&utm_source=footer>.

--
Michael A. Grady
IAM Architect, Unicon, Inc.
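
The java.security edit described in the reply above, as a shell sketch that first reports the current state of the property and keeps a backup. This is an added example, not part of the original thread; the function names are hypothetical and the file path is passed as an argument. It goes slightly beyond the reply by also handling an explicit non-unlimited value and a file with no crypto.policy line.

```shell
# Added example: inspect and set crypto.policy in a java.security file.
# Function names are hypothetical; the file to edit is passed as $1.

# Print the state of crypto.policy in file $1:
#   active:<value>  an uncommented crypto.policy line exists
#   commented       only a commented-out line exists
#   absent          the property does not appear at all
policy_state() {
    ps_value=$(sed -n 's/^[[:space:]]*crypto\.policy[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    if [ -n "$ps_value" ]; then
        echo "active:$ps_value"
    elif grep -Eq '^[[:space:]]*#[[:space:]]*crypto\.policy[[:space:]]*=' "$1"; then
        echo "commented"
    else
        echo "absent"
    fi
}

# Set crypto.policy=unlimited in file $1, keeping the original as $1.bak.
enable_unlimited_policy() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 1; }
    eu_state=$(policy_state "$1")
    # Already set: leave the file (and any earlier backup) untouched.
    if [ "$eu_state" = "active:unlimited" ]; then return 0; fi
    cp -p "$1" "$1.bak"
    case $eu_state in
        active:*)   # an explicit other value, e.g. limited
            sed 's/^[[:space:]]*crypto\.policy[[:space:]]*=.*$/crypto.policy=unlimited/' "$1.bak" > "$1" ;;
        commented)  # remove the comment marker, as in the reply above
            sed 's/^[[:space:]]*#[[:space:]]*crypto\.policy[[:space:]]*=.*$/crypto.policy=unlimited/' "$1.bak" > "$1" ;;
        absent)     # no such line: append one
            { cat "$1.bak"; echo "crypto.policy=unlimited"; } > "$1" ;;
    esac
}

# Demo on a constructed file (not a real JRE installation).
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#crypto.policy=unlimited' > "$demo"
policy_state "$demo"
enable_unlimited_policy "$demo"
policy_state "$demo"
rm -f "$demo" "$demo.bak"
```

The edit only affects the Java installation whose java.security file is passed in, so point it at the one the servlet container actually runs under, and restart the container afterwards.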


