-
Type:
Sub-task
-
Resolution: Unresolved
-
Priority:
P4
-
Affects Version/s: 26
-
Component/s: security-libs
-
Fix Understood
The tools and [KeyStore] APIs has been updated to warn users when legacy JKS and JCEKS keystores are used, as they use outdated cryptographic algorithms and will be removed in a future release. Users are advised to migrate to the PKCS12 keystore using the keytool -importkeystore command.
The following changes have been made:
- The existing warning emitted by the keytool tool has been updated to warn the removal of the JKS and JCEKS keystores.
- The [jarsigner] tool has been updated to emit a warning when JKS or JCEKS keystores are used.
- The [KeyStore.load()] and [KeyStore.store()] APIs have been updated to emit a debug warning when operating on JKS or JCEKS keystores and the java.security.debug=keystore is enabled.
All warnings inform the user that JKS and JCEKS use outdated cryptographic algorithms and will be removed in a future release. Users are advised to migrate to the PKCS12 keystore.
The following changes have been made:
- The existing warning emitted by the keytool tool has been updated to warn the removal of the JKS and JCEKS keystores.
- The [jarsigner] tool has been updated to emit a warning when JKS or JCEKS keystores are used.
- The [KeyStore.load()] and [KeyStore.store()] APIs have been updated to emit a debug warning when operating on JKS or JCEKS keystores and the java.security.debug=keystore is enabled.
All warnings inform the user that JKS and JCEKS use outdated cryptographic algorithms and will be removed in a future release. Users are advised to migrate to the PKCS12 keystore.