The deprecated SSLSession.getPeerCertificateChain() method is using the deprecated javax.security.cert.X509Certificate. As it is an interface method, removing this method would cause compiler error for old implementations. The compiler compatibility impact make it hard to remove the deprecated package javax.security.cert in JDK (see JDK-8227024).

However, we need to move forward to clear deprecated APIs. To make it, we may be able to go with having default getPeerCertificateChain() method , throwing exception in the default implementation, and removing the real implementation in the providers. As would reduce the source code compatibility risks. We may come back to remove the deprecated package javax.security.cert in a few years.