- Enhancement
- Resolution: Duplicate
- P3
- None
Applications may want to configure the activated named groups and signature algorithms for each connection, rather than using the JSSE provider configuration and preferences. There are no such APIs in Java SE.
For example, we may want to consider:
1. Add a System Property, jdk.tls.signatureSchemes, to configure the default signature schemes. The SunJSSE provider now supports the jdk.tls.namedGroups System Property for customizing the default named groups. (This feature will be addressed in JDK-8242141.)
2. The named groups used in a certificate should be checked in the key manager and trust manager for TLS 1.2 and prior versions. Similar to ExtendedSSLSession.getLocalSupportedSignatureAlgorithms() and ExtendedSSLSession.getPeerSupportedSignatureAlgorithms(), it may be worth adding two default methods, SSLSession.getLocalNamedGroups() and SSLSession.getPeerNamedGroups().
3. Individual connections may have individual preference. Named groups and signature algorithms could be configurable with SSLParameters. For example, SSLParameters.setSignatureSchemes() or SSLParameters.setNamedGroups().
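Item 3 as an added example, not code from this issue or from the JDK sources: one connection is pinned to a narrow set of named groups and signature schemes while the provider defaults stay untouched for everything else. It assumes JDK 20 or later, where `SSLParameters.setSignatureSchemes()` and `SSLParameters.setNamedGroups()` are available; the class name, the policy lists and `example.com` are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

public class PerConnectionTlsPolicy {

    // Constructed policy for illustration; names follow the IANA TLS registries.
    static final String[] GROUPS  = {"x25519", "secp256r1"};
    static final String[] SCHEMES = {"ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"};

    /** Creates a client engine whose groups and schemes apply to this connection only. */
    static SSLEngine restrictedEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        // Start from the engine's current parameters so unrelated settings are kept.
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        params.setNamedGroups(GROUPS);        // assumption: JDK 20+
        params.setSignatureSchemes(SCHEMES);  // assumption: JDK 19+
        params.setEndpointIdentificationAlgorithm("HTTPS"); // keep hostname checks on
        engine.setSSLParameters(params);
        return engine;
    }

    static String describe(SSLEngine engine) {
        SSLParameters p = engine.getSSLParameters();
        // Arrays.toString prints "null" if the provider reports no explicit list.
        return "groups=" + Arrays.toString(p.getNamedGroups())
             + " schemes=" + Arrays.toString(p.getSignatureSchemes());
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Untouched engine: whatever the provider configuration and
        // jdk.tls.namedGroups currently yield.
        SSLEngine untouched = ctx.createSSLEngine("example.com", 443);
        untouched.setUseClientMode(true);

        SSLEngine pinned = restrictedEngine(ctx, "example.com", 443);

        System.out.println("provider default: " + describe(untouched));
        System.out.println("this connection:  " + describe(pinned));
    }
}
```

No handshake is performed, so the program runs offline; the two printed lines show that the override is scoped to the engine it was set on.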
- duplicates
  - JDK-8226712 Certificate selection should be affected by the supported groups (Closed)
  - JDK-8227707 https connection over TLSv1.2 fails (Closed)
  - JDK-8280494 (D)TLS signature schemes (Resolved)
  - JDK-8281236 (D)TLS key exchange named groups (Resolved)
- relates to
  - JDK-8242141 New System Properties to configure the TLS signature schemes (Resolved)