DIP, Oracle, and Strong Encryption

In attempting to connect DIP to a third-party (Tivoli) LDAP, I received an error that complained of an “RSA premaster secret error” as well as a warning: “Simple bind failed.” After some exploration, it was discovered that the SSL key Tivoli used was too large (> 64 bits).

Out-of-the-Box

Because of US Export Restrictions, Oracle does NOT support “strong encryption” in its Java installations out of the box. As a result, the “Unrestricted JCE Policy Files” need to be installed.

You can download those files on Oracle’s site after agreeing to the terms (including the US Export Restrictions): Link

Then, copy the JARs from the downloaded/extracted ZIP into the JRE “…/lib/security” folder.
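To confirm that the JRE actually picked up the unrestricted policy after the copy, the following added example (not part of the original post) probes the maximum key length the JCE allows and looks for the policy JARs under `lib/security`. The class name `JcePolicyCheck` and the list of probed algorithms are assumptions chosen for illustration.

```java
import java.io.File;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public class JcePolicyCheck {
    // File names used by the JCE policy bundles. On newer JREs the policy is
    // configured differently and these JARs may be absent, so the key-length
    // probe below is the authoritative check.
    private static final String[] POLICY_JARS = {"local_policy.jar", "US_export_policy.jar"};

    // Algorithms to probe (illustrative choice, not taken from the post).
    private static final String[] ALGORITHMS = {"AES", "Blowfish", "RC4", "RSA"};

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Identify which JRE is being tested; it must be the one DIP runs under.
        String javaHome = System.getProperty("java.home");
        System.out.println("java.home    = " + javaHome);
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        // Report whether the policy JARs are present in <java.home>/lib/security.
        File securityDir = new File(javaHome, "lib" + File.separator + "security");
        for (String jar : POLICY_JARS) {
            File f = new File(securityDir, jar);
            System.out.println(f + (f.isFile() ? "  (" + f.length() + " bytes)" : "  MISSING"));
        }

        // Ask the JCE framework what the active policy permits per algorithm.
        for (String alg : ALGORITHMS) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            String shown = (max == Integer.MAX_VALUE) ? "unlimited" : max + " bits";
            System.out.println(alg + " max key length: " + shown);
        }

        // The limited policy caps AES at 128 bits, so 256 or more means the
        // unrestricted policy files are in effect.
        boolean unrestricted = Cipher.getMaxAllowedKeyLength("AES") >= 256;
        System.out.println(unrestricted
                ? "RESULT: unrestricted policy in effect"
                : "RESULT: limited policy in effect; check the JARs in " + securityDir);
        System.exit(unrestricted ? 0 : 1);
    }
}
```

Compile and run it with the same `java` binary that DIP uses, since a host often has several JREs installed; exit status 0 means the unrestricted policy is active.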

Case Specific

In my case, specifically, I was installing on AIX and needed to retrieve specific JARs from IBM:

https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=jcesdk&lang=en_US&S_PKG=142ww&cp=UTF-8

Admittedly

Even though I’ve known that the US Export Restrictions restrict strong encryption products, this is the first time it has ever required me to go through additional package installation steps.

Hopefully this advice and my suffering will save some time and hassle if you encounter the same problem.

 

Note:

As of 2009, non-military cryptography exports from the U.S. are controlled by the Department of Commerce’s Bureau of Industry and Security.