RFR: 8280494: (D)TLS signature schemes [v13]

[Sean Mullan]

On Mon, 7 Feb 2022 22:00:21 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 744:
>> 
>>> 742:      * the {@systemProperty jdk.tls.client.SignatureSchemes} and/or
>>> 743:      * {@systemProperty jdk.tls.server.SignatureSchemes} system properties to
>>> 744:      * customize the provider-specific default signature schemes.
>> 
>> This still doesn't say if the properties override the API. I would suggest adding a sentence: "If set, these properties will override the signature schemes returned by this method."
>> 
>> Similar comment in `setSignatureSchemes`.
>
> I think lines 714-816/723-725 describe the behavior already.
> 
> I was hesitate to use "override", as the System Property values and the default signature schemes are not actually overrode.  The default signature schemes are still there, and they are not just used for this specific connection, when the connection use the non-default values.
> 
> It might be something like, "If the returned array of this method is not {@code null} or empty, the default signature schemes are not used, and signature schemes in the returned array of this method will be used instead".  But I think it is a duplicate of lines 714-816/723-725 .

Sorry, you will have to bear with me as I am still not sure how it works - I want to know who wins, the API or the properties, if both are set and I can't find where it answers that above. Maybe I need to read the code. Are you maybe saying that this method returns the value of the system properties if they are set?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7252