CSR Review Request, JDK-8218932 Remove the internal package com.sun.net.ssl

Mandy Chung mandy.chung at oracle.com
Thu Feb 14 20:40:20 UTC 2019

On 2/13/19 1:51 PM, Xuelei Fan wrote:
> Hi,
> Could I get the CSR reviewed:
>     https://bugs.openjdk.java.net/browse/JDK-8218932
> The internal package com.sun.net.ssl had been deprecated since JDK 1.4, 
> and was not exported in the java.base module since JDK 9.  Application 
> cannot use them directly now.  It should be safe to remove them in JDK 13.
> If you are using the internal package for some reason, please let me 
> know the compatibility impact by the end of Feb 20, 2019.
For those who are not aware of the jdeps tool:

jdeps -jdkinternals will flag static references to JDK internal
APIs and output some suggestion if a replacement API is known
like this:

JDK Internal API                         Suggested Replacement
----------------                         ---------------------
com.sun.net.ssl.HostnameVerifier         Use javax.net.ssl @since 1.4
com.sun.net.ssl.internal.ssl.Provider    Use 
java.security.Security.getProvider(provider-name) @since 1.3

Run jdeps on your libraries to find out any use of JDK internal


More information about the security-dev mailing list