/ / $Header: javavm/lib/security/README.txt /main/3 2018/07/10 11:26:05 etucker Exp $ / / README.txt / / Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. / / NAME / README.txt - javavm/lib/security / / DESCRIPTION / Describes The internal storage of security files. / / NOTES / / / MODIFIED (MM/DD/YY) / etucker 05/16/18 - Creation / Beginning in 19.1 all the javavm/lib/security files are now part of classes.bin. This means that the files cannot be changed so the defaults are immutable. There have been methods provided for changing certain files. 1.0 JCE Policy Files The JCE policy files US_export_policy.jar and local_policy.jar are now included as resources in classes.bin. There is a system level property oracle.aurora.crypto.policy.type is set to "unlimited" by default. If set to "limited" then restrictions are placed on key lengths. The change of the property will not be effective in any currently running sessions. 2.0 CACERTS The default cacerts file is now a resource in classes.bin. If cacerts needs to be changed it can be created as a resource named 'lib/security/cacerts.alt' or 'lib/security/jssecacerts' in SYS. The normal search for cacert files will be for resources 'lib/security/jssecacerts', 'lib/security/cacerts.alt', and 'lib/security/cacerts' respectively. The new cacerts will not be available in any currently running JAVAVM session. blacklisted.certs can be loaded into SYS as the resource 'lib/security/blacklisted.certs'. 3.0 java.security.alt An alternate java.security can be added to the database by creating a resource 'lib/security/java.security.alt' in SYS. On Linux.X64 platforms dbms_java.rehotload() will need to be performed. Other platforms will need to execute 'create or replace java system' new java.security entries to be used.