JDK-8186093 : A comment in the java.security configuration file incorrectly says that "strong but limited" is the default value
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2017-08-10
  • Updated: 2018-01-17
  • Resolved: 2017-08-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 9
10 b22Fixed 9.0.4Fixed
Related Reports
Relates :  
Relates :  
# Due to the import control restrictions of some countries, the default
# JCE policy files allow for strong but "limited" cryptographic key
# lengths to be used.  If your country's cryptographic regulations allow,
# the "unlimited" strength policy files can be used instead, which contain
# no restrictions on cryptographic strengths.

Since this is set by the configure" step, this section should be updated to describe the situation without naming the default, and let the user find the default value down further in the file.

Update the wording, and plan for backport.