RFR JDK-8227024 : Remove the deprecated javax.security.cert APIs

Alan Bateman Alan.Bateman at oracle.com
Tue Mar 17 08:55:17 UTC 2020

On 16/03/2020 08:31, Paul Stanley wrote:
> Hi.
> I believe that you should remove deprecated javax APIs. By delaying 
> it, you are pushing the problem into 2022.
> If they are removed now then it will force developers to use the 
> correct crypto APIs, rather than using a mixture which is what's 
> currently happening.
> The compatibility problem for historic code can be fixed by an optional 
> 3rd party library/module.
No, the main issue here isn't the terminally deprecated 
javax.security.cert package but the methods in the SSLSession interface 
and HandshakeCompletedEvent class. See the follow-up thread "8241039, 
Retire the deprecated SSLSession.getPeerCertificateChain() method" for 
the proposal that provides a migration path for libraries once they get 
to JDK 15 or newer.

