In Oracle security guide regarding KeyManagerFactory, there has been a note mentioning that the SunX509 factory is for backwards compatibility with older releases, and should no longer be used.
Security Developer’s Guide - 4 JDK Providers Documentation - The SunJSSE Provider
https://docs.oracle.com/en/java/javase/25/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2
And it appears that the default value is going to be changed.
Change the default key manager to PKIX
https://bugs.openjdk.org/browse/JDK-8272875
8272875: Change the default key manager to PKIX #24756
openjdk/jdk#24756
Update "Security Developer's Guide" documentation.
https://bugs.openjdk.org/browse/JDK-8355771
It would be beneficial if the Liberty documentation like https://openliberty.io/docs/latest/security-hardening.html explains the KeyManagerFactory consideration too, allowing users to aware of it from both the Java and Liberty perspectives and choose the appropriate option accordingly.
In Oracle security guide regarding KeyManagerFactory, there has been a note mentioning that the SunX509 factory is for backwards compatibility with older releases, and should no longer be used.
Security Developer’s Guide - 4 JDK Providers Documentation - The SunJSSE Provider
https://docs.oracle.com/en/java/javase/25/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2
And it appears that the default value is going to be changed.
Change the default key manager to PKIX
https://bugs.openjdk.org/browse/JDK-8272875
8272875: Change the default key manager to PKIX #24756
openjdk/jdk#24756
Update "Security Developer's Guide" documentation.
https://bugs.openjdk.org/browse/JDK-8355771
It would be beneficial if the Liberty documentation like https://openliberty.io/docs/latest/security-hardening.html explains the KeyManagerFactory consideration too, allowing users to aware of it from both the Java and Liberty perspectives and choose the appropriate option accordingly.