I thought the crypto providers were supposed to “ask the next one down the line” if something is not supported? Have you tried some unsupported thing and seen it break? My understanding of the providers being an ordered list was that isn’t supposed to happen.
-Jeremiah > On Jul 26, 2023, at 3:23 AM, Mick Semb Wever <m...@apache.org> wrote: > > > > > > >> That means that if somebody is on 4.0 and they upgrade to 5.0, if they use >> some ciphers / protocols / algorithms which are not in Corretto, it might >> break their upgrade. > > > > If there's any risk of breaking upgrades we have to go with (2). We support > a variation of JCE configurations, and I don't see we have the test coverage > in place to de-risk it other than going with (2). > > Once the yaml configuration is in place we can then change the default in the > next major version 6.0. > >
