By default for TLS 1.3, the offered signature algorithms prefer ECDSA followed by RSA. However, for my java code, I want my client to offer only RSA signature algorithms as part of client hello. How can that be achieved ?
I tried using jdk.tls.client.SignatureSchemes="RSAWITHSHA256,RSAWITHSHA384,RSAWITHSHA512", but the client still presents the following algorithms as part of client hello
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1.
How can we achieve restricting ECDSA signature algorithms explicitly in Java client code ?
Tried setting jdk.tls.client.SignatureSchemes="RSAWITHSHA256,RSAWITHSHA384,RSAWITHSHA512" as system property and at runtime, it didnt work for me.