I’d like a review of this fix for when DSA is the only key available. It’s debatable how realistic this situation is, but it is a regression and key tool uses dsa by default.
The fix is to remove tls1.3 from the default protocols. The placement of the code change is to minimize the keymanager check to only SSLContext setup and not have a check run with every connection. http://cr.openjdk.java.net/~ascarpino/8211426/webrev.00/ This webrev does not include the test as I did not have time to modify it yet. I will include that in a future review after my vacation. Tony
