TLS server certificates anchored by the Chunghwa root CAs are distrusted or distrusted after a specific date by Google [1] and Mozilla [2].

This enhancement will implement similar restrictions in the JDK.

The restrictions will be enforced in the SunJSSE Provider of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate's notBefore date is after March 17, 2026. An application will receive an Exception with a message indicating the trust anchor (root) is not trusted, ex:

   "TLS Server certificate issued after 2026-03-17 and anchored by a distrusted legacy Chunghwa root CA: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW"

If necessary, you can work around the restrictions by removing "CHUNGHWA_TLS" from the "jdk.security.caDistrustPolicies" security property.

The restrictions will be imposed on the following Chunghwa root CA certificate (identified by Distinguished Name) included in the JDK:

- OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW

The JDK only includes one Chunghwa root CA certificate.

[1] https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
[2] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/uYAm_c_pfos/m/Pz5m5PAZBwAJ