Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

enable unlimited crypto under Java 9 and latest Java 8

Description

Under Oracle Java 9, some movement has occurred on the "unlimited crypto policy" front. Specifically, the appropriate policy files are now shipped by default, but not enabled. Some reading indicates that it is possible to enable the unlimited policy rules as follows:

See http://mail.openjdk.java.net/pipermail/security-dev/2016-October/014943.html

As the Security.setProperty API exists in Java 7, it would be possible to have OpenSAML automatically enable this facility conditionally if it detected the presence of Java 9 without running into compilation issues. This might be something worth doing for whatever we ship with IdP 3.4.

Note that this isn't necessary for any version of OpenJDK, just the Oracle one.

Environment

None

Activity

Show:

Brent PutmanSeptember 21, 2018 at 4:13 PM

Discussed on the call today.  We decided that since all the JRE/JDK impls we care about already effectively enable "unlimited" by default, we no longer need to do anything here.

Scott CantorJanuary 19, 2018 at 2:02 PM

Apparently all Java >= 7 now enables it by default. I suppose the problem will be if OpenJDK doesn't.

Scott CantorOctober 18, 2017 at 3:09 PM

That's good news, thanks. I just expanded this and re-scheduled it for 3.4, I assume it wouldn't hurt anything to set this on Java 7.

Takeshi NishimuraOctober 18, 2017 at 5:25 AM

Won't Do

Details

Assignee

Reporter

Components

Created September 25, 2017 at 5:08 PM
Updated September 21, 2018 at 4:14 PM
Resolved September 21, 2018 at 4:14 PM