20 lines
1.3 KiB
Plaintext
20 lines
1.3 KiB
Plaintext
[[ciphers]]
|
|
=== Enabling Cipher Suites for Stronger Encryption
|
|
|
|
The SSL/TLS protocols use a cipher suite that determines the strength of encryption used to protect the data. You may
|
|
want to increase the strength of encryption used when using a Oracle JVM; the IcedTea OpenJDK ships without these
|
|
restrictions in place. This step is not required to successfully use Shield.
|
|
|
|
The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files enable additional cipher suites for
|
|
Java in a separate JAR file that you need to add to your Java installation. You can download this JAR file from
|
|
Oracle's http://www.oracle.com/technetwork/java/javase/downloads/index.html[download page]. The JCE Unlimited Strength
|
|
Jurisdiction Policy Files are required for encryption with key lengths greater than 128 bits, such as 256-bit AES
|
|
encryption.
|
|
|
|
After installation, all cipher suites in the JCE are available for use. To enable the use of stronger cipher suites with
|
|
Shield, configure the `ciphers` parameter. See the <<ref-ssl-tls-settings, Configuration Parameters for TLS/SSL>> section
|
|
of this document for specific parameter information.
|
|
|
|
NOTE: The JCE Unlimited Strength Jurisdiction Policy Files must be installed on all nodes to establish an improved level
|
|
of encryption strength.
|