[8u] request for review: 8062552 Support keystore type detection for JKS and PKCS12 keystores

Vincent Ryan vincent.x.ryan at oracle.com
Thu May 21 15:44:36 UTC 2015

Please review this enhancement to JDK 8u that addresses a compatibility risk for certain applications that access
keystores across JDK 8 and JDK 9 releases. The issue arises because the default keystore type is now PKCS12 in
JDK 9 but is JKS in earlier releases. The problem can occur when a keystore is created on JDK 9 using the default
keystore type but accessed on JDK 8 also using the default keystore type. This keystore type mismatch results in
an error.

The change introduces a keystore compatibility mode for JKS keystores where both JKS and PKCS12 file formats are
understood. Similar behaviour is already present in JDK 9 (JEP-229). The keystore.type.compat security property
controls whether the mode is enabled or not. By default it is enabled.

This enhancement enables at risk applications to continue to function across JDK 8 and JDK 9 without requiring any
application code changes.


Bug: https://bugs.openjdk.java.net/browse/JDK-8062552
Webrev: http://cr.openjdk.java.net/~vinnie/8062552/webrev.01/

More information about the security-dev mailing list