-
Sub-task
-
Resolution: Delivered
-
P3
-
19
-
Verified
New Java SE APIs, `javax.net.ssl.SSLParameters.getSignatureSchemes()` and `javax.net.ssl.SSLParameters.setSignatureSchemes()`, have been added to allow applications to customize the signature schemes used in individual TLS or DTLS connections.
Note that the underlying provider may define the default signature schemes for each TLS or DTLS connection. Applications may also use the existing "jdk.tls.client.SignatureSchemes" and/or "jdk.tls.server.SignatureSchemes" system properties to customize the provider-specific default signature schemes. If not `null`, the signature schemes passed to the `setSignatureSchemes()` method will override the default signature schemes for the specified TLS or DTLS connections.
Note that a provider may not have been updated to support the new APIs and in that case may ignore the signature schemes that are set. The JDK `SunJSSE` provider supports this method. It is recommended that 3rd party providers add support for these methods when they add support for JDK 19 or later releases.
Note that the underlying provider may define the default signature schemes for each TLS or DTLS connection. Applications may also use the existing "jdk.tls.client.SignatureSchemes" and/or "jdk.tls.server.SignatureSchemes" system properties to customize the provider-specific default signature schemes. If not `null`, the signature schemes passed to the `setSignatureSchemes()` method will override the default signature schemes for the specified TLS or DTLS connections.
Note that a provider may not have been updated to support the new APIs and in that case may ignore the signature schemes that are set. The JDK `SunJSSE` provider supports this method. It is recommended that 3rd party providers add support for these methods when they add support for JDK 19 or later releases.