From 63f0251e314953db814ad435bd822b065efd90bb Mon Sep 17 00:00:00 2001
From: Matthew O'Riordan <matthew.oriordan@gmail.com>
Date: Wed, 21 Jun 2017 11:04:19 +0100
Subject: [PATCH 1/2] Crypto default 256 bit length like all other libraries

---
 lib/src/main/java/io/ably/lib/util/Crypto.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/src/main/java/io/ably/lib/util/Crypto.java b/lib/src/main/java/io/ably/lib/util/Crypto.java
index c7c8f8755..b45a71ac3 100644
--- a/lib/src/main/java/io/ably/lib/util/Crypto.java
+++ b/lib/src/main/java/io/ably/lib/util/Crypto.java
@@ -20,7 +20,7 @@
 /**
  * Utility classes and interfaces for message payload encryption.
  *
- * This class supports AES/CBC/PKCS5 with a default key length of 128 bits
+ * This class supports AES/CBC/PKCS5 with a default key length of 256 bits
  * but supporting other key lengths. Other algorithms and chaining modes are
  * not supported directly, but supportable by extending/implementing the base
  * classes and interfaces here.
@@ -37,7 +37,7 @@
 public class Crypto {
 
 	public static final String DEFAULT_ALGORITHM = "aes";
-	public static final int DEFAULT_KEYLENGTH = 128; // bits
+	public static final int DEFAULT_KEYLENGTH = 256; // bits
 	public static final int DEFAULT_BLOCKLENGTH = 16; // bytes
 
 	/**

From adf151f19ac749027de8cd164bf1cf898c9bbe50 Mon Sep 17 00:00:00 2001
From: Paddy Byers <paddy.byers@gmail.com>
Date: Sat, 29 Jul 2017 01:39:14 +0200
Subject: [PATCH 2/2] Set default length conditionally based on locally enabled
 policy

---
 lib/src/main/java/io/ably/lib/util/Crypto.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/src/main/java/io/ably/lib/util/Crypto.java b/lib/src/main/java/io/ably/lib/util/Crypto.java
index b45a71ac3..c44de568b 100644
--- a/lib/src/main/java/io/ably/lib/util/Crypto.java
+++ b/lib/src/main/java/io/ably/lib/util/Crypto.java
@@ -37,7 +37,7 @@
 public class Crypto {
 
 	public static final String DEFAULT_ALGORITHM = "aes";
-	public static final int DEFAULT_KEYLENGTH = 256; // bits
+	public static final int DEFAULT_KEYLENGTH = is256BitsSupported() ? 256 : 128; // bits
 	public static final int DEFAULT_BLOCKLENGTH = 16; // bytes
 
 	/**
@@ -289,6 +289,19 @@ private static final int getPaddedLength(int plaintextLength) {
 		};
 	}
 
+	/**
+	 * Determine whether or not 256-bit AES is supported. (If this determines that
+	 * it is not supported, install the JCE unlimited strength JCE extensions).
+	 * @return
+	 */
+	private static boolean is256BitsSupported() {
+		try {
+			return Cipher.getMaxAllowedKeyLength(DEFAULT_ALGORITHM) >= 256;
+		} catch (NoSuchAlgorithmException e) {
+			return false;
+		}
+	}
+
 	/**
 	 * The default system SecureRandom
 	 */