JKS keystore is known to be broken / insecure.

In some environments JKS may not be the default keystore (or may not be possible to use due to its insecurity).

Therefore the KeyStore used by winstone for TLS termination should either be configurable, or use the default keystore.