RFR: 8285827: Describe the keystore.pkcs12.legacy system property in the java.security file
Sean Mullan
mullan at openjdk.java.net
Fri Apr 29 13:21:46 UTC 2022
On Thu, 28 Apr 2022 23:20:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> But isn't it mostly an issue when creating new keystores and not reading existing ones? I would want to avoid users thinking that they had to set this in more cases than needed.
>
> How about this?
>
> To work with legacy PKCS #12 tools that does not support the new algorithms,
> the system property "keystore.pkcs12.legacy" can be set
> which will override the properties defined here with old settings.
> This system property is equivalent to
I think the text above might still make some users concerned that they should always set this property.
Maybe we can be less specific, and just say: "If you encounter compatibility issues with software that doesn't support the stronger algorithms, the system property ..."
-------------
PR: https://git.openjdk.java.net/jdk/pull/8452
More information about the security-dev
mailing list