id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
14652	Remove Let's Encrypt certificate	Don-vip	team	"We added `DST_Root_CA_X3` CA (see #12264) in March 2016 because this CA was massively adopted on the web but Java was lagging behind everyone.

Java does support Let's Encrypt now, since [http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html 8u101] released in July 2016.

Looking at usage statistics, **82.5%** of our users use a compatible version (as of April 2017):

{{{
J        649 ( 5.7%) Java/1.8.0_101
J        120 ( 1.1%) Java/1.8.0_102
J       1124 ( 9.9%) Java/1.8.0_111
J        103 ( 0.9%) Java/1.8.0_112
J       7366 (64.9%) Java/1.8.0_121
}}}

And **17%** do not:
{{{
J          9 ( 0.1%) Java/1.8.0
J         17 ( 0.1%) Java/1.8.0_05
J          9 ( 0.1%) Java/1.8.0_11
J         22 ( 0.2%) Java/1.8.0_20
J        122 ( 1.1%) Java/1.8.0_25
J        144 ( 1.3%) Java/1.8.0_31
J         56 ( 0.5%) Java/1.8.0_40
J        126 ( 1.1%) Java/1.8.0_45
J         81 ( 0.7%) Java/1.8.0_51
J        129 ( 1.1%) Java/1.8.0_60
J         96 ( 0.8%) Java/1.8.0_65
J        246 ( 2.2%) Java/1.8.0_66
J         52 ( 0.5%) Java/1.8.0_71
J          6 ( 0.1%) Java/1.8.0_72
J         97 ( 0.9%) Java/1.8.0_73
J         41 ( 0.4%) Java/1.8.0_74
J        141 ( 1.2%) Java/1.8.0_77
J        461 ( 4.1%) Java/1.8.0_91
J         62 ( 0.5%) Java/1.8.0_92
}}}

We should remove it when the percentage of impacted users drops to a very small number (**<5% ?**)."	enhancement	closed	normal	18.04	Core		fixed	certificate lets encrypt root ca