Use the file in Java 8
Starting with Java 8, WebSphere uses the IBMJDK file.
On other versions of the JDK, WebSphere provides a customized file. The WebSphere runtime security code has been modified to set up the java security information that used to be part of the customized file.
Provider List
WebSphere comes with a custom provider list that includes the PKCS11 and CMS providers that the IBMJDK provider list did not previously include by default. These providers are now programmatically added in Java 8. The code does check to see if these providers exist already in the provider list before adding them.
Default SSLSocketFactory and SSLServerSocketFactory
WebSphere SSL code depends on custom socket factories for features like programmatic SSL and Dynamic outbound SSL. The custom socket factories are set using the security properties defined in the file. The WebSphere SSL initialization code programmatically sets these properties if they are not set so that the feature that depends on them continues to work on the server.
Thin clients and admin clients typically use the SSL initialization code that sets the WebSphere socket factories programmatically, but there have been cases where users write client programs that depend on the WebSphere socket factories to initialize WebSphere client SSL. If a client needs the WebSphere socket factories set in order for WebSphere client SSL initialization to take place, they can edit the JDK's file to include the socket factory properties. user can also create a new file to include the two properties that are previously listed and then on the client process use the system property to point to the file containing the socket factory properties. The client program can be called like this assuming the properties are in a file called
java clientProgramWebSphere also provides a mechanism to augment the file. If we need to make system-wide changes to the file, edit the WAS_HOME/properties/ file. Any updates that are put in this file overrides the java/jre/security/ file. We should only add differences to this file, and not replace the entire contents, because doing this will allow any security vulnerabilities that are fixed in a future Java service release to be picked up. The file in the java/jre/lib/security directory is overwritten when java updates are applied, but the file in WAS_HOME/properties is non-serviceable.