[8u] request for review: 8062552 Support keystore type detection for JKS and PKCS12 keystores
vincent.x.ryan at oracle.com
Thu May 21 15:44:36 UTC 2015
Please review this enhancement to JDK 8u that addresses a compatibility risk for certain applications that access
keystores across JDK 8 and JDK 9 releases. The issue arises because the default keystore type is now PKCS12 in
JDK 9 but is JKS in earlier releases. The problem can occur when a keystore is created on JDK 9 using the default
keystore type but accessed on JDK 8 also using the default keystore type. This keystore type mismatch results in
The change introduces a keystore compatibility mode for JKS keystores where both JKS and PKCS12 file formats are
understood. Similar behaviour is already present in JDK 9 (JEP-229). The keystore.type.compat security property
controls whether the mode is enabled or not. By default it is enabled.
This enhancement enables at risk applications to continue to function across JDK 8 and JDK 9 without requiring any
application code changes.
More information about the security-dev