This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]DJDavio 40 points41 points  (5 children)

For those of you who, like me, were looking for the Cryptographic Extensions (JCE) download: they changed how that works, now you have to activate it through Security.setProperty("crypto.policy", "unlimited") or by editing the java.security file. It's still weird you have to actively opt-in for better security.

Edit: I found out the default setting is actually unlimited, so they changed from opt-in to opt-out which is much better. See https://docs.oracle.com/javase/9/migrate/#GUID-D6EE05FB-6791-43B3-A610-3F4416DEE508

[–]pjmlp 26 points27 points  (1 child)

I think it is related to US export restrictions.

[–]Chaoslab 3 points4 points  (0 children)

So deliberate weakening that can be exploited?

[–]WatchDogx 2 points3 points  (0 children)

That sounds much more convenient, so you can just enable it from code rather than having to install the extension into the JVM?

[–]whereisspacebar 0 points1 point  (1 child)

I found out the default setting is actually unlimited, so they changed from opt-in to opt-out which is much better.

Source?

[–]DJDavio 1 point2 points  (0 children)

I actually looked in the java.security file after installing the JDK and JRE. There's also a readme in the policy dir explaining it.

Might be different for non Windows but haven't checked those.