[security-dev 00284]: Cleaning up crypto support
mark at klomp.org
Thu Aug 28 06:44:09 PDT 2008
There is still a lot of cruft in the codebase for preventing the usage
of certain crypto algorithms or key-sizes. And we were actually shipping
restricted policies preventing people from using unlimted crypto. Oops.
So if you saw: "java.securityInvalidKeyException: Illegal key size or
default parameters" that was caused by wrongly installed security policy
files. The code was actually there, just not properly activated.
This patch cleans up the crypto code so it doesn't go out of its way to
prevent usage of "restricted crypto" and makes sure no restricted crypto
security policies are installed.
2008-08-28 Mark Wielaard <mjw at redhat.com>
* patches/icedtea-clean-crypto.patch: New patch.
* Makefile.am (ICEDTEA_PATCHES): Add icedtea-clean-crypto.patch.
This should enable all normal crypto usage by default. And now a make
check-jdk makes sure the jtreg tests that are run and test "unlimited
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 24049 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/security-dev/attachments/20080828/84f6a4f0/icedtea-clean-crypto.patch
More information about the security-dev