On Fri, 29 Apr 2022 20:40:46 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> It's a little long, but I can see why it is useful, so I think it's good. I >> would avoid the word "new" as this won't be new in a few years time. Here is >> an edit where I removed words which I thought were not essential: >> >>> Some PKCS #12 tools and libraries may not support algorithms based on PBES2 >>> and AES. >>> To create a PKCS #12 keystore which they can load, set the system property >>> "keystore.pkcs12.legacy" which overrides the values of the properties >>> defined below with >>> legacy algorithms. Setting this system property is equivalent to >>> >>> .... >>> >>> Also, you can downgrade an existing PKCS #12 keystore created with stronger >>> algorithms >>> to legacy algorithms with >>> >>> keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore ks >>> -destkeystore ks >>> >>> This system property should be used at your own risk. >> >> Don't think you really need the sentence below, as you have already given >> several examples: >> >>> Please note there is >>> no value defined for this system property, i.e. "-Dkeystore.pkcs12.legacy" >>> has the same effect as "-Dkeystore.pkcs12.legacy=<any value>". > > The reason I added the last sentence is because this property has no value. > Someone might think they can set it to false to disable it, but that is > equivalent to set it to true. Ah I see. Maybe put in the previous sentence, ex: "When set, this system property (which can only be enabled and has no value) is equivalent to:" Just a suggestion. ------------- PR: https://git.openjdk.java.net/jdk/pull/8452