RFR 8238264: Exception thrown when setting javax.net.ssl.keyStoreType = PKCS11

Xuelei Fan xuelei.fan at oracle.com
Wed Feb 5 21:20:40 UTC 2020

On 2/5/2020 1:11 PM, Martin Balao wrote:
> On 2/5/20 4:10 PM, Xuelei Fan wrote:
>> For the property, the default key store is none.
> If "javax.net.ssl.keyStore" system property is not set, the default
> "keyStore" value is an empty string (not "NONE").
Yes, it is empty, no value, not the "NONE" string.

> We may not want to
>> introduce new compatibility risks by adding a new default value.
> I don't intend to change the default value. The default will continue to
> be an empty string. All I want is to fix the ambiguity between empty
> string and string "NONE" when checking the condition.
But with the patch, the value is indeed changed from none (empty) to 
"NONE" in logic.  You would also need to change other code if yo really 
want it (have the property value return "NONE", check other code to make 
sure "NONE" is used when it is "empty", documentation the special value, 
etc).  I don't think we want to the unnecessary conflicts and complex, 
for limited benefits.

I'm fine if you want to update documentation to make it clear that one 
need to set the keyStore to "NONE" for PKCS11.


> If
>> application want to use key store other than the default one, it is
>> required to set it.
> Yes, sure. I'm not discussing this.
> Thanks,
> Martin.-

More information about the security-dev mailing list