Java Cryptography Extension (JCE) unlimited strength policy files
Problem
java.security.InvalidKeyException: Illegal key size or default parameters  OR
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure OR
Unable to reach a settlement: [aes128-cbc, aes128-ctr, blowfish-cbc, cast128-cbc, cast128-ctr, idea-cbc, idea-ctr, serpent128-cbc, serpent128-ctr, 3des-cbc, 3des-ctr, twofish128-cbc, twofish128-ctr, arcfour, arcfour128] and [aes256-ctr]].
Solution
Due to import control restrictions imposed by the governments of a few countries, the jurisdiction policy files shipped with the JDK from Sun Microsystems specify that "strong" but limited cryptography may be used. The JDK therefore ships with a deliberate key size restriction by default, so you cannot encrypt with a key longer than 128 bits.
An "unlimited strength" version of these files indicating no restrictions on cryptographic strengths is available for those living in eligible countries (which is most countries). But only the "strong" version can be imported into those countries whose governments mandate restrictions. The JCE framework will enforce the restrictions specified in the installed jurisdiction policy files.
You may also encounter this issue when accessing SSL resources (e.g. RiouxSVN) which use encryption keys with a size greater than the default limit.
- Download according to your JRE version:
- Unzip into <JRE_HOME>/lib/security (overwrite existing files)
- Restart your JVM
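To confirm that the policy files were unzipped into the JRE your application actually runs on, the following check can be run after the restart. It is an added example, not part of the original page; the class name `JcePolicyCheck` and the all-zero test key are assumptions made for illustration.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class (not from the original page): reports which JRE is
// running and whether its jurisdiction policy permits AES keys above 128 bits.
public class JcePolicyCheck {

    // True when the installed policy files allow initialising AES with this key size.
    static boolean canInitAes(int keySizeBits) throws Exception {
        // Constructed all-zero key, used only to probe the policy check.
        byte[] key = new byte[keySizeBits / 8];
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            // Same failure as "Illegal key size or default parameters".
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The policy files must sit under this JRE's lib/security directory;
        // a machine with several JREs is the usual reason the fix "does not work".
        System.out.println("java.home       = " + System.getProperty("java.home"));
        System.out.println("java.version    = " + System.getProperty("java.version"));

        // Integer.MAX_VALUE means the unlimited strength policy is in effect.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key len = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        boolean ok = true;
        for (int bits : new int[] {128, 192, 256}) {
            boolean allowed = canInitAes(bits);
            System.out.println("AES-" + bits + " init: " + (allowed ? "allowed" : "BLOCKED by policy"));
            ok &= allowed;
        }
        // Non-zero exit lets a deployment script fail fast when the policy is still limited.
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the same `java` binary that launches your application; if `java.home` points somewhere other than the directory you unzipped into, the files went into the wrong JRE.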