Some JDK versions and distributions exclude the permissions necessary to use some cryptographic algorithms or SSL extensions, which may be required for a successful SSL handshake between a client and a server. We’ve noticed this behavior in the following versions:
-
Openjdk-1.8.0.144
-
Openjdk-1.8.0.91
-
Java-1.8.0_121
The JDK 8 ReadMe webpage notes that “due to import control restrictions of some countries, the version of the JCE policy files that are bundled in the Java Runtime Environment, or JRE 8 environment allow strong but limited cryptography to be used.”
To enable cryptographic algorithms, you may do one of the following:
-
For Java version 1.8.0-151 and above, you can modify the /usr/lib/jvm/jre-oracle/lib/security/java.security file and set it to allow the unlimited crypto policy as demonstrated below:
crypto.policy=unlimited
Download and enable the Java Cryptography Extension (JCE) jar file, which allows the Unlimited Strength Jurisdiction Policy to be in effect. This policy contains no restrictions on the strength of cryptographic algorithms.