JDK-8157712 : Deprecate the javax.security.cert and com.sun.net.ssl APIs with forRemoval=true
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-05-24
  • Updated: 2019-07-01
  • Resolved: 2016-07-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 9
9 b127Fixed
Related Reports
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
Sub Tasks
JDK-8177045 :  
Description
JSSE 1.0.x was an unbundled release that provided JDK 1.2/1.3 with SSL/TLS, and was eventually bundled in JDK 1.4.

The com.sun.net.ssl APIs were deprecated in 1.4, but were left for backwards compatibility with JSSE 1.0.x applications.  They were never part of the 1.4+ API set.

    * @deprecated As of JDK 1.4, this implementation-specific class was
    *      replaced by {@link javax.net.ssl.X509TrustManager}. 

In JDK 9, com.sun.net.ssl are not exported in java.base, and any ancient application would need -XaddExports.

The javax.security.cert APIs were deprecated in 1.9 but have had the following warning (since 1.4.2) in the description of each class:

    Note: The classes in the package javax.security.cert exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE).
    New applications should instead use the standard Java SE certificate classes located in java.security.cert. 

Since these earlier versions of JSSE are no longer maintained or supported, there is no reason to retain these packages for compatibility and they should be removed in a future release. 
Comments
FC Extension Request: ----------------------------- The javax.security.cert and com.sun.net.ssl APIs are of earlier versions of JSSE (JDK 1.2/1.3) and no longer maintained or supported, there is no reason to retain these packages for compatibility and they should be removed in a future release. These APIs should be marked for removal and removed in a future release (probably JDK 10). Low risk as this is a documentation only update. The Fix can be pushed within 1-2 days of approval since it is already implemented and reviewed.
05-07-2016