RFR: 8285827: Describe the keystore.pkcs12.legacy system property in the java.security file
Weijun Wang
weijun at openjdk.java.net
Thu Apr 28 23:24:43 UTC 2022
On Thu, 28 Apr 2022 19:59:07 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> OpenSSL's help page shows
>>
>> -legacy Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs
>>
>> Can we also say "To work with legacy PKCS #12 files"?
>
> But isn't it mostly an issue when creating new keystores and not reading existing ones? I would want to avoid users thinking that they had to set this in more cases than needed.
How about this?
To work with legacy PKCS #12 tools that does not support the new algorithms,
the system property "keystore.pkcs12.legacy" can be set
which will override the properties defined here with old settings.
This system property is equivalent to
-------------
PR: https://git.openjdk.java.net/jdk/pull/8452
More information about the security-dev
mailing list