Re: [PROPOSAL] Tomcat 10: change default certificateKeystoreType and truststoreType from JKS to PKCS12

[Coty Sutherland]

On Tue, Jan 28, 2020 at 12:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> All,
>
> The subject says it all.
>
> Java 9 is changing the default keystore type from JKS to PKCS12 and
> deprecating the use of JKS.
>
> Do we know what version of Java Tomcat 10 will require? I suspect it
> will be Java 9, so it will match.
>
> In any case, PKCS12 is a better format overall and it's very early in
> the Tomcat 10 lifecycle, so I think it's the right time to make this mov
> e.
>
> It looks like there is no default type for the trust store type
> (unless javax.net.ssl.trustStoreType has a default value), so I would
> propose that we also set that default type to PKCS12.
>

+1 :D


>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4wakwACgkQHPApP6U8
> pFg54hAAvtOwO8sGYHfllwEcQakaacJ6DvTG9YMb+mX3WvZVLPfQAv/Zn5ReV8fu
> 1tOd3Hux1W/CoYKiO4cMKjxn4mwO3/5lukYzNg1KtmsBpnqA15rUsci5VsivXMvR
> ylZkWLxt9TprcVc79cvlUrtj+xYTdiYv7p/YXGSh7JDSeSrqipGItW+QDKIH8kmg
> jNlgj67Gy2gCqGPIu/CZQgDQBn7nSWcaeB1U2WITFAKQhgCv+mCzEm6+oLrHhN9q
> IDBFqD7QlRSDRRAQTBgpnpaj2m/B5dBkXGMGMtRwkzx0IU6jO2nlWUkTmSFYn+js
> CneqphJ7szLj9JdbNUHrtBMxojDeJTejtigCTsnd+1DJEIoYJCOuy1D4e0V9eEiA
> kpaP5gsG6tN7fyk3E1w7xtmEq6dTPcNYv731RDMOC3WIQcBXxOQ5cFKhfxeWZBrZ
> mkdjksDoCizWLcmKA3p4xwNBsvi7qnOReq7TZfL1U/Lp39d/ncSxpTPxucOi5k5T
> PlJncwNsZA1tThfFjMlANXeYAeh74ajdMWAcRoIIzP09wyIQP2/pI6msBsQ6mr1j
> MOOt6b25XO9RgJBn/EYBlVKYjULdDSBd/ojcc92wZONhw8uqt6Ly7Xrj4t3eFQ4e
> EdjKPawmDhyZZ/B9IYC9p7doRuni26eBWx7wGkqQM3TqIn0Rc9k=
> =zoYm
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>