-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P4
-
Affects Version/s: 26
-
Component/s: security-libs
The tools and [KeyStore] APIs have been updated to warn users when legacy JKS and JCEKS keystores are used, as they use outdated cryptographic algorithms and will be removed in a future release. Users are instead advised to migrate to a PKCS12 keystore using the `keytool -importkeystore` command.
The following changes have been made:
- The existing warning emitted by [keytool] has been updated to warn of the removal of the JKS and JCEKS keystores.
- [jarsigner] has been updated to emit a warning when a JKS or JCEKS keystore is used.
- The [KeyStore.load()] and [KeyStore.store()] APIs have been updated to emit a debug warning when operating on a JKS or JCEKS keystore and `-Djava.security.debug=keystore` is enabled.
All warnings inform the user that JKS and JCEKS use outdated cryptographic algorithms and will be removed in a future release. Users are advised to migrate to a PKCS12 keystore.
The following changes have been made:
- The existing warning emitted by [keytool] has been updated to warn of the removal of the JKS and JCEKS keystores.
- [jarsigner] has been updated to emit a warning when a JKS or JCEKS keystore is used.
- The [KeyStore.load()] and [KeyStore.store()] APIs have been updated to emit a debug warning when operating on a JKS or JCEKS keystore and `-Djava.security.debug=keystore` is enabled.
All warnings inform the user that JKS and JCEKS use outdated cryptographic algorithms and will be removed in a future release. Users are advised to migrate to a PKCS12 keystore.