- Bug
- Resolution: Unresolved
- P4
- 17-pool-oracle
The format for the JDK default truststore (cacerts) changed from JKS to PKCS12 in JDK 18. See JDK-8275253.
sun.security.ssl.TrustStoreManager.TrustStoreDescriptor#createInstance creates the "cacerts" truststore with a keystore type of 'KeyStore.getDefaultType()' - this could be corrected since cacerts in JDK 17 and earlier is still in the JKS format (and the default type is pkcs12 since JDK 9 - see JDK-8044445).
For older JDK release families, Keystore providers still need to be JKS aware. The JDK provider has an interop mode built in, but some third-party providers may not have an interop fallback mode to test between PKCS12 and JKS formats.
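An added example (not JDK code and not part of this report): one way for a caller to avoid depending on KeyStore.getDefaultType() is to probe the truststore's header and request the matching keystore type explicitly. The class and method names are hypothetical, and the path assumes the standard lib/security/cacerts location under java.home.

```java
import java.io.BufferedInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;

public class CacertsTypeProbe {
    // Every JKS file starts with this 4-byte magic number.
    static final int JKS_MAGIC = 0xFEEDFEED;

    /** Returns "JKS" or "PKCS12" based on the first bytes of the file. */
    static String detectType(Path store) throws IOException {
        try (DataInputStream in = new DataInputStream(
                new BufferedInputStream(Files.newInputStream(store)))) {
            int header = in.readInt(); // EOFException (an IOException) if too short
            if (header == JKS_MAGIC) return "JKS";
            // A PKCS12 file is a DER structure, so it begins with a SEQUENCE tag (0x30).
            if ((header >>> 24) == 0x30) return "PKCS12";
            throw new IOException("Unrecognized keystore format: " + store);
        }
    }

    /** Loads the store with the detected type instead of the default type. */
    static KeyStore loadTrustStore(Path store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(detectType(store));
        try (InputStream in = Files.newInputStream(store)) {
            // A null password skips the integrity check; the trusted
            // certificate entries themselves are still readable.
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Path cacerts = Paths.get(System.getProperty("java.home"),
                "lib", "security", "cacerts");
        KeyStore ks = loadTrustStore(cacerts, null);
        System.out.printf("default type=%s, file type=%s, entries=%d%n",
                KeyStore.getDefaultType(), detectType(cacerts), ks.size());
    }
}
```

On JDK 17 and earlier this reports a file type of JKS alongside a default type of pkcs12, which is the mismatch the report describes.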
- relates to: JDK-8275252 Migrate cacerts from JKS to password-less PKCS12 (Resolved)