Java 26 Release Notes
6 hours ago
- #Security
- #JDK
- #TLS
- JDK will stop trusting TLS server certificates issued after March 17, 2026, anchored by Chunghwa root certificates.
- Certificates issued on or before March 17, 2026, will remain trusted until expiration.
- Restrictions are enforced in the JDK's SunJSSE Provider of the JSSE API.
- Applications will receive an exception if the certificate is issued after the cutoff date and anchored by a distrusted Chunghwa root CA.
- JDK can be reconfigured to trust these certificates by modifying the 'jdk.security.caDistrustPolicies' property.
- The affected Chunghwa root certificates are listed with their SHA-256 fingerprints.
- Use 'keytool' to check certificate chains and update certificates if necessary.