On Mon, 4 Aug 2025 12:57:20 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:
> > The code currently being reviewed should only display signature schemes set > > with `jdk.tls.client.SignatureSchemes` system property. > > Should that be displayed with `-XshowSettings:security:tls` or > `-XshowSettings:security:properties`? On the surface, the latter makes more > sense to me. I think we should either implement a public API to provide those signature schemes or not display them at all to avoid any confusion. If someone sets `jdk.tls.client.SignatureSchemes` system property they would sure know about it. That property overrides all other signature schemes for both "signature_algorithms" and "signature_algorithms_cert" extensions. ------------- PR Comment: https://git.openjdk.org/jdk/pull/24424#issuecomment-3150790567
