On 16/03/2020 08:31, Paul Stanley wrote:
Hi.
I believe that you should remove deprecated javax api's. By delaying
it, you are pushing the problem into 2022.
If they are removed now then it will force developers to use the
correct crypto api's, rather than using a mixture which is what's
currently happening.
The compatibility problem for historic code can fixed by an optional
3rd party library/module.
No, the main issue here isn't the terminally deprecated
javax.security.cert package but the methods in the SSLSession interface
and HandshakeCompletedEvent class. See the follow-up thread "8241039,
Retire the deprecated SSLSession.getPeerCertificateChain() method" for
the proposal that provides a migration path for libraries once they get
to JDK 15 or newer.
-Alan