diff --git a/oracle-jdk/defaults/main.yml b/oracle-jdk/defaults/main.yml
index d628bbc7..bb8d7bc6 100644
--- a/oracle-jdk/defaults/main.yml
+++ b/oracle-jdk/defaults/main.yml
@@ -6,6 +6,7 @@ jdk_version:
   - '{{ jdk_default }}'
 jdk_java_home: '/usr/lib/jvm/java-{{ jdk_default }}-oracle'
 jdk_pkg_state: installed
+jdk_install_strong_encryption_policy: False
 # If we want a different oracle jdk set the following variables in the local playbook:
 #  jdk_java_home: /usr/lib/jvm/java-7-0-25
 #  jdk_use_tarfile: True
diff --git a/oracle-jdk/files/jdk-7-US_export_policy.jar b/oracle-jdk/files/jdk-7-US_export_policy.jar
new file mode 100644
index 00000000..71732130
Binary files /dev/null and b/oracle-jdk/files/jdk-7-US_export_policy.jar differ
diff --git a/oracle-jdk/files/jdk-7-local_policy.jar b/oracle-jdk/files/jdk-7-local_policy.jar
new file mode 100644
index 00000000..c34d0362
Binary files /dev/null and b/oracle-jdk/files/jdk-7-local_policy.jar differ
diff --git a/oracle-jdk/files/jdk-8-US_export_policy.jar b/oracle-jdk/files/jdk-8-US_export_policy.jar
new file mode 100644
index 00000000..251b102c
Binary files /dev/null and b/oracle-jdk/files/jdk-8-US_export_policy.jar differ
diff --git a/oracle-jdk/files/jdk-8-local_policy.jar b/oracle-jdk/files/jdk-8-local_policy.jar
new file mode 100644
index 00000000..1c58939b
Binary files /dev/null and b/oracle-jdk/files/jdk-8-local_policy.jar differ
diff --git a/oracle-jdk/tasks/main.yml b/oracle-jdk/tasks/main.yml
index bdbd1b59..127827c3 100644
--- a/oracle-jdk/tasks/main.yml
+++ b/oracle-jdk/tasks/main.yml
@@ -2,34 +2,23 @@
 - name: setup the Oracle JDK repository
   apt_repository: repo='ppa:webupd8team/java'
   register: update_apt_cache
-  tags:
-    - jdk
-
-# Set the Oracle JDK license as accepted before installing the package, to avoid the confirmation box at configuration time.
-# - name: Accept the Oracle Java license
-#   raw: echo 'oracle-java{{ item }}-installer shared/accepted-oracle-license-v1-1 select true' | debconf-set-selections
-#   with_items: jdk_version
-#   tags:
-#     - jdk
+  tags: jdk
 
 - name: Accept the Oracle Java license
   debconf: name='oracle-java{{ item }}-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
   with_items: jdk_version
-  tags:
-    - jdk
+  tags: jdk
 
 - name: Update the apt cache
   apt: update_cache=yes
   when: update_apt_cache.changed or jdk_pkg_state == 'latest'
-  tags:
-    - jdk
+  tags: jdk
 
 - name: Install the latest version of Oracle JDK
   apt: pkg=oracle-java{{ item }}-installer state={{ jdk_pkg_state }} force=yes
   when: jdk_use_tarfile is not defined or not jdk_use_tarfile
   with_items: jdk_version
-  tags:
-    - jdk
+  tags: jdk
 
 - name: Set the JDK default via update-alternatives
   apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes
@@ -38,16 +27,21 @@
   notify:
     Set the default Oracle JDK
   when: jdk_default is defined
-  tags:
-    - jdk
+  tags: jdk
 
 - name: Install a custom version of Oracle JDK from a tar file
   unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }}
   when: jdk_use_tarfile is defined and jdk_use_tarfile
-  tags:
-    - jdk
+  tags: jdk
 
 - name: Set fact jdk_installed
   set_fact: jdk_installed=True
-  tags:
-    - jdk
+  tags: [ 'jdk', 'jdk_security' ]
+
+- name: Install the strong encryption policy files
+  copy: src=jdk-{{ item.0 }}-{{ item.1 }} dest={{ jdk_java_home }}/jre/lib/security/{{ item.1}} mode=0444 owner=root group=root
+  with_nested:
+    - '{{ jdk_version }}'
+    - [ 'US_export_policy.jar', 'local_policy.jar' ]
+  when: jdk_install_strong_encryption_policy
+  tags: [ 'jdk', 'jdk_security' ]