RFR JDK-8227024 : Remove the deprecated javax.security.cert APIs
Alan Bateman
Alan.Bateman at oracle.com
Tue Mar 17 08:55:17 UTC 2020
On 16/03/2020 08:31, Paul Stanley wrote:
> Hi.
>
>
> I believe that you should remove deprecated javax api's. By delaying
> it, you are pushing the problem into 2022.
>
>
> If they are removed now then it will force developers to use the
> correct crypto api's, rather than using a mixture which is what's
> currently happening.
>
>
> The compatibility problem for historic code can fixed by an optional
> 3rd party library/module.
No, the main issue here isn't the terminally deprecated
javax.security.cert package but the methods in the SSLSession interface
and HandshakeCompletedEvent class. See the follow-up thread "8241039,
Retire the deprecated SSLSession.getPeerCertificateChain() method" for
the proposal that provides a migration path for libraries once they get
to JDK 15 or newer.
-Alan
More information about the security-dev
mailing list