RFR: 8285827: Describe the keystore.pkcs12.legacy system property in the java.security file

Sean Mullan mullan at openjdk.java.net
Thu Apr 28 19:51:43 UTC 2022


On Thu, 28 Apr 2022 14:35:54 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> We added a new system property back in https://bugs.openjdk.java.net/browse/JDK-8153005 but it's better to describe it in the `java.security` file as well.
> 
> Please review the text. I especially added the last sentence so that people won't set `-Dkeystore.pkcs12.legacy=false`.

src/java.base/share/conf/security/java.security line 1174:

> 1172: # If the property is not set or empty, a default value will be used.
> 1173: #
> 1174: # For compatibility, the system property "keystore.pkcs12.legacy" can be set

Was wondering if we should add why you might want to set this property, ex: "For compatibility with JDK or PKCS12 implementations that do not support the stronger algorithms ..." 

Compatibility with prior JDK versions should be less of an issue over time as these stronger settings and algs have been backported to prior JDKs.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8452


