Installing JCE for all encryption algorithm and AES-256 support 

DataStax recommends installing the JCE Unlimited Strength Jurisdiction Policy Files to ensure support for all encryption algorithms and when using Oracle Java.

DataStax recommends installing the JCE Unlimited Strength Jurisdiction Policy Files to ensure support for all encryption algorithms, especially AES-256 for Kerberos when using Oracle Java.

Some of the cipher suites in the default set of server_encryption_options in cassandra.yaml are included only in the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. To ensure support for all encryption algorithms, install the JCE Unlimited Strength Jurisdiction Policy Files.

By default Kerberos uses the AES-256 cipher. DataStax recommends using AES-256 encryption. OpenJDK includes AES-256. However, Oracle Java does not include the AES-256 cipher due to export restrictions to certain countries. To use AES-256 with Oracle Java, install the JCE Unlimited Strength Jurisdiction Policy Files.

Install the JCE Unlimited Strength Jurisdiction Policy using one of the following methods:

Installing the JCE on RHEL-based systems

Install the EPEL repository:
$ sudo yum install epel-release

Installing the JCE on Debian-based systems

Install JCE using webupd8 PPA repository:

$ sudo apt-get install oracle-java8-unlimited-jce-policy

Installing the JCE using the Oracle JAR

  1. Download the Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle Java SE download page.
  2. Unzip the downloaded file.
  3. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security directory to overwrite the existing JARS.