Uploaded image for project: 'OpenSAML - Java'
  1. OpenSAML - Java
  2. OSJ-220

enable unlimited crypto under Java 9 and latest Java 8

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      Under Oracle Java 9, some movement has occurred on the "unlimited crypto policy" front. Specifically, the appropriate policy files are now shipped by default, but not enabled. Some reading indicates that it is possible to enable the unlimited policy rules as follows:

      Security.setProperty("crypto.policy", "unlimited");
      

      See http://mail.openjdk.java.net/pipermail/security-dev/2016-October/014943.html

      As the Security.setProperty API exists in Java 7, it would be possible to have OpenSAML automatically enable this facility conditionally if it detected the presence of Java 9 without running into compilation issues. This might be something worth doing for whatever we ship with IdP 3.4.

      Note that this isn't necessary for any version of OpenJDK, just the Oracle one.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              putmanb@shibboleth.net Brent Putman
              Reporter:
              ian@iay.org.uk Ian Young
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: