JDK-8013035 : Improve error message reporting around use of strong crypto encryption requests
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2013-04-23
  • Updated: 2019-02-11
  • Resolved: 2018-08-20
Related Reports
Duplicate :  
JDK-8146315 - Better diagnostic information when unlimited policy files are missing
Relates :  
JDK-8146315 - Better diagnostic information when unlimited policy files are missing
Relates :  
JDK-7024850 - Consider shipping Unlimited Crypto Policy files by default.
Description
We should consider improving the exception messages thrown when applications are denied a request for a strong encryption ciphers. i.e. Message should hint at obtaining unlimited strength JCE policy files. It should help clear confusion for some users/developers that may not be aware of the strong versus stronger JCE policy files configuration.

An example would be to make this exception more verbose in messaging : 
jdk/src/share/classes/javax/crypto/Cipher.java#1068

        if (!cryptoPerm.implies(checkPerm)) {
            if (debug != null) {
                debug.println("Crypto Permission check failed");
                debug.println("granted: " + cryptoPerm);
                debug.println("requesting: " + checkPerm);
            }
Comments
Unlimited crypto is the default in Oracle JDK releases now. I don't see a strong need to address this suggestion any longer.
20-08-2018
This is a Oracle implementation details, so please be sure to not change the messaging to be Oracle specific. Also, we might be able to have strong by default in JDK8, JDK-7024850, so keep an eye on this one.
29-04-2013