RFR: 8351354: Enhance java -XshowSettings:security:tls to show enabled TLS groups and signature algorithms [v2]
Artur Barashev
abarashev at openjdk.org
Thu Oct 2 13:45:57 UTC 2025
On Thu, 2 Oct 2025 11:29:12 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
> > I think we should either implement a public API to provide those signature schemes or not display them at all to avoid any confusion. If someone sets `jdk.tls.client.SignatureSchemes` system property they would sure know about it. That property overrides all other signature schemes for both "signature_algorithms" and "signature_algorithms_cert" extensions.
>
> I removed the signature algorithms from this output. If accurate lists aren't generated until TLS handshake, then I don't think there's any reason to print a list here.
Sounds good. I've created [JDK-8366364](https://bugs.openjdk.org/browse/JDK-8366364) to address this problem. Once it's done we can include signature algorithms in the output.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24424#issuecomment-3361286352
More information about the security-dev
mailing list