wso2 · Shazaanashraff · May 18, 2026
@@ -45,8 +45,8 @@ To prevent these types of security attacks, it is encouraged to disable the weak
 
 !!! tip
 
-    - To use AES-256, the Java JCE Unlimited Strength Jurisdiction Policy files need to be installed. Download them from [http://www.oracle.com/technetwork/java/javase/downloads/index.html](http://www.oracle.com/technetwork/java/javase/downloads/index.html), if your Java installation does not have it installed.
-    -   From Java 7, you must set the `jdk.certpath.disabledAlgorithms` property in the `<JAVA_HOME>/jre/lib/security/java.security` file to `jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048` . It rejects all algorithms that have key sizes less than 2048 for MD2, DSA and RSA.
+    - For JDK 8u161+ and all newer JDKs (including JDK 21), unlimited strength crypto is enabled by default, so no additional policy files are required.
+    - For JDK 9+ (including JDK 21), set the `jdk.certpath.disabledAlgorithms` property in the `<JAVA_HOME>/conf/security/java.security` file to `jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048`. It rejects all algorithms that have key sizes less than 2048 for MD2, DSA and RSA.
 
 #### Configuring PassThrough transport-level ciphers and TLS versions
 

@@ -129,7 +129,7 @@ is <a href="{{base_path}}/assets/attachments/learn/api-authentication-handler.ja
 support any custom authentication mechanism by writing your own authentication handler class.
 
 Given below is an example implementation. Please find the complete project archive [here]({{base_path}}/assets/attachments/reference/org.wso2.carbon.test.authenticator.zip). 
-You can download, unzip and build the project using maven and Java 7 or 8.
+You can download, unzip and build the project using Maven and a supported JDK (for API-M 4.7, JDK 21).
 
 ``` java
 package org.wso2.carbon.test;