On Thu, 28 Apr 2022 23:20:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> But isn't it mostly an issue when creating new keystores and not reading >> existing ones? I would want to avoid users thinking that they had to set >> this in more cases than needed. > > How about this? > > To work with legacy PKCS #12 tools that does not support the new algorithms, > the system property "keystore.pkcs12.legacy" can be set > which will override the properties defined here with old settings. > This system property is equivalent to I think the text above might still make some users concerned that they should always set this property. Maybe we can be less specific, and just say: "If you encounter compatibility issues with software that doesn't support the stronger algorithms, the system property ..." ------------- PR: https://git.openjdk.java.net/jdk/pull/8452
