This was fixed in:
https://bugs.openjdk.java.net/browse/JDK-8186093
Sadly, it was noticed too late in JDK 9/9.0.1 to fix for GA of those
releases.
Brad
On 11/13/2017 9:19 AM, Bernd wrote:
Hello,
in the OpenJDK 9.0.1 java.security file is the crypto.policy=unlimited set.
However the boilerplate text above still speaks of "limited" as a default:
# Due to the import control restrictions of some countries, the default
# JCE policy files allow for strong but "limited" cryptographic key
# lengths to be used. If your country's cryptographic regulations allow,
# the "unlimited" strength policy files can be used instead, which contain
# no restrictions on cryptographic strengths.
I guess this needs to be adjusted.
BTW: does anybody know examples of where limited would be needed?
Gruss
Bernd
