RFR: 8351354: Enhance java -XshowSettings:security:tls to show enabled TLS groups and signature algorithms [v2]
Artur Barashev
abarashev at openjdk.org
Mon Aug 4 13:48:55 UTC 2025
On Mon, 4 Aug 2025 12:57:20 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
> > The code currently being reviewed should only display signature schemes set with `jdk.tls.client.SignatureSchemes` system property.
>
> Should that be displayed with `-XshowSettings:security:tls` or `-XshowSettings:security:properties`? On the surface, the latter makes more sense to me.
I think we should either implement a public API to provide those signature schemes or not display them at all to avoid any confusion. If someone sets `jdk.tls.client.SignatureSchemes` system property they would sure know about it. That property overrides all other signature schemes for both "signature_algorithms" and "signature_algorithms_cert" extensions.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24424#issuecomment-3150790567
More information about the security-dev
mailing list