Pete FreitagJava Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
By Pete Freitag
Starting with Java 1.8.0_151 and 1.8.0_152 there is a new somewhat easier way to enable the unlimited strength jurisdiction policy for the JVM. Without enabling this you cannot use AES-256 for example.
First download the JRE, I like to use the server-jre for servers. When you extract the server-jre look for the file java.security in the jre/lib/security folder. For example for Java 1.8.0_152 the file structure looks like this:
/jdk1.8.0_152
|- /jre
|- /lib
|- /security
|- java.security
Now open java.security with a text editor and look for the line that defines the java security property crypto.policy it can have two values limited or unlimited - the default is limited.
By default you should find a commented out line:
#crypto.policy=unlimited
You can enable unlimited by uncommenting that line, remove the #:
crypto.policy=unlimited
Now restart your java applications that point to the JVM and you should be all set.
Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151 was first published on October 19, 2017.
If you like reading about java, jre, security, or crypto then you might also like:
- Java 9 Security Enhancements
- Spring4Shell and ColdFusion
- Log4j 1.x Vulnerability Mitigation Guide
- Log4Shell Vulnerability Timeline
Weekly Security Advisories Email
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).