RFR: 8351354: Enhance java -XshowSettings:security:tls to show enabled TLS groups and signature algorithms [v2]

Artur Barashev abarashev at openjdk.org
Fri Aug 1 19:27:55 UTC 2025


On Fri, 1 Aug 2025 19:08:22 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> Thanks for the latest screenshot. I don't think the signature algorithms should be "none". If we can't access the provider-specific defaults, then I think we should omit this information for now. @artur-oracle or @haimaychao can you check this out and see if there is a way to get those defaults? Thanks.

We actually have 2 lists of signature algorithms: one for the handshake and another for certificates. Both lists are being constructed only during the TLS handshake (see the `SignatureScheme.updateHandshakeLocalSupportedAlgs` method). There is no public API currently to get those lists, although it shouldn't be hard to add such an API call.
The code currently being reviewed should only display signature schemes set with the `jdk.tls.client.SignatureSchemes` system property.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24424#issuecomment-3145557453

