- CSR
- Resolution: Approved
- P3
- None
- behavioral
- minimal
- Other
- Implementation
Summary
No changes from the original CSR JDK-8273149.
Restructure the TLS implementation so that, in the client authentication case, the X509KeyManager.chooseClientAlias method is called only once even if the server accepts multiple key algorithms.
Problem
Before TLS 1.2 this method was called only once, but now it is called once for each key algorithm the server accepts, which could make for an unfriendly user experience.
For example, suppose the application's X509KeyManager.chooseClientAlias implementation shows a dialog box asking a client to choose an alias. Before this fix, the dialog would pop up multiple times. Also, since each dialog box displays aliases for only one key algorithm, the user is likely to choose a suboptimal alias in the first dialog if their most preferred alias uses another algorithm.
Solution
Modify the authentication logic so a single call is performed for all accepted algorithms.
Specification
No spec change, but this is a behavior change.
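The following is an added example, not code from the JDK or from this CSR: a key manager whose chooseClientAlias ranks aliases across every key type it receives in the single call described above. The class name SingleChoiceKeyManager and the preferredAliases policy list are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.X509KeyManager;

// Hypothetical wrapper (not JDK code): picks one client alias across all offered key types.
public final class SingleChoiceKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;        // e.g. obtained from a KeyManagerFactory
    private final List<String> preferredAliases;  // assumed application policy, most preferred first

    public SingleChoiceKeyManager(X509KeyManager delegate, List<String> preferredAliases) {
        this.delegate = delegate;
        this.preferredAliases = List.copyOf(preferredAliases);
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        // keyType holds every key algorithm the server accepts, so candidates for all
        // of them can be gathered and ranked together instead of one algorithm at a time.
        List<String> candidates = new ArrayList<>();
        for (String kt : keyType) {
            String[] aliases = delegate.getClientAliases(kt, issuers); // null when nothing matches
            if (aliases == null) continue;
            for (String alias : aliases) {
                if (!candidates.contains(alias)) candidates.add(alias);
            }
        }
        // The most preferred alias wins regardless of which algorithm it uses.
        for (String preferred : preferredAliases) {
            if (candidates.contains(preferred)) return preferred;
        }
        // Otherwise take the first match in the order the key types were offered;
        // returning null tells the TLS layer that no client certificate is available.
        return candidates.isEmpty() ? null : candidates.get(0);
    }

    // Everything else is delegated unchanged.
    @Override public String[] getClientAliases(String kt, Principal[] issuers) { return delegate.getClientAliases(kt, issuers); }
    @Override public String[] getServerAliases(String kt, Principal[] issuers) { return delegate.getServerAliases(kt, issuers); }
    @Override public String chooseServerAlias(String kt, Principal[] issuers, Socket s) { return delegate.chooseServerAlias(kt, issuers, s); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
}
```

An implementation that prompts the user would show its dialog where the preference loop sits, listing all candidates at once.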
- csr of
- JDK-8307322 Call X509KeyManager.chooseClientAlias once for all key types (Resolved)
- JDK-8320513 Call X509KeyManager.chooseClientAlias once for all key types (Resolved)