JDK-8219861 : Add new keytool -showinfo -tls command for displaying TLS configuration information
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-02-27
  • Updated: 2019-06-14
  • Resolved: 2019-04-04
  • JDK 13: 13 b16 (Fixed)
  • JDK 14: 14 (Fixed)
Related Reports
CSR :  
Sub Tasks
JDK-8221983 :  
Description
This new command (-showinfo being the command, -tls being an option) would be used for displaying information about the system's TLS configuration, such as the enabled cipher suites (and their order) and the enabled protocols. This type of information is very useful to both users and administrators and can vary depending on what JDK release or update is installed on the system and whether any changes have been made to the java.security file to restrict cipher suites or protocols. Previously we had been documenting the enabled suites and protocols in the JSSE security guide, but that has proven to be a moving target and difficult to keep up to date as additional weak cipher suites have been restricted, often in update releases. Thus, a new keytool command to display the current configuration seems to be the best solution.

The new -showinfo command should probably support -v to display more detailed information. In the case of -tls, it can include the enabled protocols/suites.
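
An added example, not part of this report or of the JDK change: the same kind of information read through the standard JSSE API, for auditing a runtime from inside an application. The class name TlsConfigReport and the helper notEnabled are made up for this illustration; the output reflects the default SSLContext of whichever JDK runs it.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical class name; uses only standard java.security / javax.net.ssl calls.
public class TlsConfigReport {

    // Entries the provider supports but does not enable by default,
    // kept in the order the provider reported them.
    static Set<String> notEnabled(String[] supported, String[] enabled) {
        Set<String> out = new LinkedHashSet<>(Arrays.asList(supported));
        out.removeAll(Arrays.asList(enabled));
        return out;
    }

    static void printList(String title, Iterable<String> items) {
        System.out.println(title);
        for (String item : items) {
            System.out.println("  " + item);
        }
    }

    public static void main(String[] args) throws Exception {
        // The default context is what most client code gets when it does not
        // build its own SSLContext.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        printList("Enabled protocols:", Arrays.asList(enabled.getProtocols()));
        printList("Enabled cipher suites (in order):",
                Arrays.asList(enabled.getCipherSuites()));

        // Anything listed here can still be switched on by application code,
        // so it is worth reviewing alongside the enabled lists.
        printList("Supported but not enabled protocols:",
                notEnabled(supported.getProtocols(), enabled.getProtocols()));
        printList("Supported but not enabled cipher suites:",
                notEnabled(supported.getCipherSuites(), enabled.getCipherSuites()));

        // Restrictions configured in the java.security file.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
    }
}
```

Running it under two different JDK updates, or before and after editing java.security, and diffing the output shows exactly which suites or protocols a change removed.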
Comments
No new regression test. This is a simple new command.
04-04-2019