Installing Java Cryptography Extension (JCE) Files

Installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

Installing the JCE Unlimited Strength Jurisdiction Policy Files can ensure support for all encryption algorithms when using Oracle Java with SSL on Apache Cassandra, and it highly recommended. The files must be installed on every node in the Cassandra cluster.

Some of the cipher suites in the default cassandra.yaml are included only in the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. To ensure support for all encryption algorithms, install the JCE Unlimited Strength Jurisdiction Policy Files.

The location of the cassandra.yaml file depends on the type of installation:
DataStax Enterprise 5.0 Installer-Services and package installations /etc/dse/cassandra/cassandra.yaml
DataStax Enterprise 5.0 Installer-No Services and tarball installations install_location/resources/cassandra/conf/cassandra.yaml
Cassandra package installations /etc/cassandra/cassandra.yaml
Cassandra tarball installations install_location/resources/cassandra/conf/cassandra.yaml

Install the JCE files using the appropriate method for your Cassandra installation:

Installing the JCE on RHEL-based systems

  1. If necessary, install the EPEL repository:
    sudo yum install epel-release
  2. Installing the JCE using the Oracle JAR files:
    1. Download the Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle Java SE download page under Additional Resources.
    2. Unzip the downloaded file.
    3. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security directory to overwrite the existing jar files.

Installing the JCE on Debian-based systems

Install JCE using webupd8 PPA repository:
sudo apt-get install oracle-java8-unlimited-jce-policy