diff -r 242110f0c920 -r 3ac0ba151e70 jdk/src/java.base/share/conf/security/java.security --- a/jdk/src/java.base/share/conf/security/java.security Thu Aug 25 20:53:40 2016 +0300 +++ b/jdk/src/java.base/share/conf/security/java.security Fri Aug 26 13:44:20 2016 -0700 @@ -804,6 +804,56 @@ # EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 \ # FFFFFFFF FFFFFFFF, 2} +# Cryptographic Jurisdiction Policy defaults +# +# Due to the import control restrictions of some countries, the default +# JCE policy files allow for strong but "limited" cryptographic key +# lengths to be used. If your country's cryptographic regulations allow, +# the "unlimited" strength policy files can be used instead, which contain +# no restrictions on cryptographic strengths. +# +# If your country has restrictions that don't fit either "limited" or +# "unlimited", an appropriate set of policy files should be created and +# configured before using this distribution. The jurisdiction policy file +# configuration must reflect the cryptographic restrictions appropriate +# for your country. +# +# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY +# TO DETERMINE THE EXACT REQUIREMENTS. +# +# The policy files are flat text files organized into subdirectories of +# /conf/security/policy. Each directory contains a complete +# set of policy files. +# +# The "crypto.policy" Security property controls the directory selection, +# and thus the effective cryptographic policy. +# +# The default set of directories is: +# +# limited | unlimited +# +# however other directories can be created and configured. +# +# Within a directory, the effective policy is the combined minimum +# permissions of the grant statements in the file(s) with the filename +# pattern "default_*.policy". At least one grant is required. For +# example: +# +# limited = Export (all) + Import (limited) = Limited +# unlimited = Export (all) + Import (all) = Unlimited +# +# The effective exemption policy is the combined minimum permissions +# of the grant statements in the file(s) with the filename pattern +# "exempt_*.policy". Exemption grants are optional. +# +# limited = grants exemption permissions, by which the +# effective policy can be circumvented. +# e.g. KeyRecovery/Escrow/Weakening. +# +# Please see the JCA documentation for additional information on these +# files and formats. +crypto.policy=crypto.policydir-tbd + # # The policy for the XML Signature secure validation mode. The mode is # enabled by setting the property "org.jcp.xml.dsig.secureValidation" to