The easiest way to get the latest versions of Java to use unlimited strength algorithms is to:
Modify the file (within the Java directory): jre/lib/security/java.security change the commented out property, near the end of the file: #crypto.policy=unlimited by simply removing the comment marker: crypto.policy=unlimited > On Apr 10, 2018, at 8:58 AM, William E. <wre0...@uah.edu> wrote: > > Has anyone run into a problem with the JCE files on newer JDK's? It is my > understanding that jdk 1.8.161 and later includes the jce unlimited > cryptography libs by default, and command line testing seems to confirm this, > but CAS 5.2.3 fails with the following: > > Caused by: java.lang.RuntimeException: Is JCE Unlimited Strength Jurisdiction > Policy installed? AES is an unknown, unsupported or unavailable enc algorithm > (not one of [A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, > A256GCM]). > > CAS startup shows the correct JDK is being used and JCE is present: > > CAS Version: 5.2.3 > CAS Commit Id: 14850a4ef16ef32ce6390f62fda566fdb8fa3948 > CAS Build Date/Time: 2018-03-07T20:08:12Z > Spring Boot Version: 1.5.8.RELEASE > ------------------------------------------------------------ > Java Home: /usr/java/jdk1.8.0_162/jre > Java Vendor: Oracle Corporation > Java Version: 1.8.0_162 > .............. > JCE Installed: Yes > .............. > > > Command line testing shows it is enabled: > > $ env | grep JAVA > JAVA_HOME=/usr/java/jdk1.8.0_162 > > $ which jrunscript > /usr/java/jdk1.8.0_162/bin/jrunscript > > $ jrunscript -e "print (javax.crypto.Cipher.getMaxAllowedKeyLength('AES') >= > 256)" > true > > > I am at a loss... > > Anyone have ideas?? > > Out of desperation I downloaded the jce files from oracle and put them in the > usual place(/jre/lib/security) and restarted tomcat but still same error. > Using openjdk 8 which should also include the jce unlimited jars also gives > the same cas error. > > Thanks, > William > > > > > -- > - Website: https://apereo.github.io/cas <https://apereo.github.io/cas> > - Gitter Chatroom: https://gitter.im/apereo/cas <https://gitter.im/apereo/cas> > - List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7> > - Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org > <mailto:cas-user+unsubscr...@apereo.org>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.org?utm_medium=email&utm_source=footer>. -- Michael A. Grady IAM Architect, Unicon, Inc. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/B27656DA-00D6-4705-A3B3-59F15A33174C%40unicon.net.
signature.asc
Description: Message signed with OpenPGP