Installing Java Cryptography Extension (JCE) Files

Installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

Starting with Java 1.8.0_162, JCE unlimited policy is enabled by default. You no longer need to install the policy file in the JRE or set the security property crypto.policy.

Installing the JCE Unlimited Strength Jurisdiction Policy Files can ensure support for all encryption algorithms when using Oracle Java with SSL on Apache Cassandra, and it highly recommended. The files must be installed on every node in the cluster.

Some of the cipher suites in the default cassandra.yaml are included only in the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. To ensure support for all encryption algorithms, install the JCE Unlimited Strength Jurisdiction Policy Files.

Install the JCE files using the appropriate method for your database installation:

Installing the JCE on RHEL-based systems

  1. If necessary, install the EPEL repository:
    sudo yum install epel-release
  2. Installing the JCE using the Oracle JAR files:
    1. Download the Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle Java SE download page under Additional Resources.
    2. Unzip the downloaded file.
    3. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security directory to overwrite the existing jar files.

Installing the JCE on Debian-based systems

Install JCE using webupd8 PPA repository:
sudo apt-get install oracle-java8-unlimited-jce-policy