On Thu, 28 Apr 2022 19:59:07 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> OpenSSL's help page shows >> >> -legacy Use legacy encryption: 3DES_CBC for keys, RC2_CBC for >> certs >> >> Can we also say "To work with legacy PKCS #12 files"? > > But isn't it mostly an issue when creating new keystores and not reading > existing ones? I would want to avoid users thinking that they had to set this > in more cases than needed. How about this? To work with legacy PKCS #12 tools that does not support the new algorithms, the system property "keystore.pkcs12.legacy" can be set which will override the properties defined here with old settings. This system property is equivalent to ------------- PR: https://git.openjdk.java.net/jdk/pull/8452
