Document new mechanism to enable unlimited strength cryptography in Oracle JDK 8u151 or later

Description

Oracle JDK 8u151 introduces a new mechanism to enable unlimited strength cryptography. For each new JDK installation, in jre/lib/security/java.security uncomment the line:

to read:

The old mechanism (installing policy jars) should still work:
http://docs.geoserver.org/latest/en/user/production/java.html#oracle-java

OpenJDK has unlimited strength cryptography by default and is not affected by this change.

See:
http://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html

"New Features

security-libs/javax.crypto
New Security property to control crypto policy

This release introduces a new feature whereby the JCE jurisdiction policy files used by the JDK can be controlled via a new Security property. In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at 'limited'. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of 'unlimited'. See the notes in the java.security file shipping with this release for more information."

Environment

None

Assignee

Unassigned

Reporter

Ben Caradoc-Davies

Triage

None

Fix versions

None

Affects versions

None

Components

Priority

Medium
Configure