Enhance the security libraries to log usage of weak algorithms, key sizes, protocols and other crypto events of interest.
With the introduction of JFR Crypto Events (JDK-8186986), security library code could start recording events of particular interest to the JFR recording framework (if enabled). Code using this new 'EventRuntime' API would be inserted into security library classes and could communicate directly with the JFR libraries if present. If they are not present, we have stub holders that simply end up logging to the System Logger as a fallback.
Examples of events to record would be:
* Certificates encountered while setting up a TLS connection
* TLS protocol version and ciphersuite used for each TLS connection attempt
* Overriding of default security properties
Once such data is recorded, there's potential for a client tool, coupled with a ruleset, to analyze the new events and report back to system administrators about the overall strength of their Java applications with respect to cryptographic standards.
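
One way such a ruleset-driven client tool could evaluate recorded events, as an added example that is not part of the original issue or of the JDK code. The event type names, field names, key-size thresholds and sample events are assumptions constructed for illustration; the page does not define an event schema.

```python
import re

# Constructed sample events, not taken from a real recording. Event type and
# field names are assumptions; the page does not define the event schema.
SAMPLE_EVENTS = [
    {"type": "TLSHandshake", "peerHost": "app.example",
     "protocolVersion": "TLSv1.2", "cipherSuite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    {"type": "TLSHandshake", "peerHost": "legacy.example",
     "protocolVersion": "TLSv1", "cipherSuite": "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
    {"type": "X509Certificate", "subject": "CN=legacy.example",
     "algorithm": "SHA1withRSA", "keyType": "RSA", "keyLength": 1024},
    {"type": "SecurityPropertyModification", "key": "jdk.tls.disabledAlgorithms", "value": ""},
]

# Illustrative policy thresholds (assumed); a real ruleset would be site-specific.
MIN_KEY_BITS = {"RSA": 2048, "DSA": 2048, "EC": 224}
# Ruleset: (rule id, event type it applies to, predicate, message).
RULES = [
    ("weak-protocol", "TLSHandshake", "deprecated protocol version",
     lambda e: e["protocolVersion"] in {"SSLv3", "TLSv1", "TLSv1.1"}),
    ("weak-cipher", "TLSHandshake", "weak cipher suite",
     lambda e: bool(re.search(r"_(NULL|RC4|DES|3DES|EXPORT)_|anon", e["cipherSuite"]))),
    ("weak-signature", "X509Certificate", "weak certificate signature algorithm",
     lambda e: bool(re.match(r"(MD2|MD5|SHA1)with", e["algorithm"]))),
    ("small-key", "X509Certificate", "key below minimum size",
     lambda e: e["keyLength"] < MIN_KEY_BITS.get(e["keyType"], 0)),
    ("property-override", "SecurityPropertyModification",
     "default security property overridden", lambda e: True),
]

def analyze(events, rules=RULES):
    """Apply every matching rule to every event; return (rule_id, message, event)."""
    findings = []
    for event in events:
        for rule_id, etype, message, predicate in rules:
            if event.get("type") == etype and predicate(event):
                findings.append((rule_id, message, event))
    return findings

def summarize(findings):
    """Count findings per rule id for an administrator-facing report."""
    counts = {}
    for rule_id, _, _ in findings:
        counts[rule_id] = counts.get(rule_id, 0) + 1
    return counts

if __name__ == "__main__":
    for rule_id, message, event in analyze(SAMPLE_EVENTS):
        print(f"[{rule_id}] {message}: {event}")
```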