On Thu, 28 Apr 2022 19:48:38 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> We added a new system property back in >> https://bugs.openjdk.java.net/browse/JDK-8153005 but it's better to describe >> it in the `java.security` file as well. >> >> Please review the text. I especially added the last sentence so that people >> won't set `-Dkeystore.pkcs12.legacy=false`. > > src/java.base/share/conf/security/java.security line 1174: > >> 1172: # If the property is not set or empty, a default value will be used. >> 1173: # >> 1174: # For compatibility, the system property "keystore.pkcs12.legacy" can >> be set > > Was wondering if we should add why you might want to set this property, ex: > "For compatibility with JDK or PKCS12 implementations that do not support the > stronger algorithms ..." > > Compatibility with prior JDK versions should be less of an issue over time as > these stronger settings and algs have been backported to prior JDKs. OpenSSL's help page shows -legacy Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs Can we also say "To work with legacy PKCS #12 files"? ------------- PR: https://git.openjdk.java.net/jdk/pull/8452
