Signature algorithms

The TLSv1.3 protocol provides two extensions for indicating which signature algorithms may be used in digital signatures. The "signature_algorithms_cert" extension applies to signatures in certificates and the "signature_algorithms" extension, which originally appeared in TLSv1.2, applies to signatures in handshake messages.

If no "signature_algorithms_cert" extension is present, then the "signature_algorithms" extension also applies to signatures appearing in certificates. The "signature_algorithms_cert" extension was added to allow implementations which support different sets of algorithms for certificates and in TLS itself to clearly signal their capabilities.

Some TLSv1.2 implementations process and use the "signature_algorithms_cert" extension. TLSv1.2 implementations that do not process it continue to use the "signature_algorithms" extension for both purposes.
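
The fallback rule described above, as an added example that is not part of the original page and is not System SSL/TLS code: it parses a raw extensions block and reports which algorithm list governs handshake signatures and which governs certificate signatures. The extension type numbers (13, 50) and SignatureScheme code points are from RFC 8446; the function names, the honors_cert_ext flag (modelling a TLSv1.2 peer that does not process the extension) and the sample blocks are assumptions constructed for illustration.

```python
import struct

SIG_ALGS, SIG_ALGS_CERT = 13, 50  # extension types assigned in RFC 8446
SCHEMES = {0x0401: "rsa_pkcs1_sha256", 0x0403: "ecdsa_secp256r1_sha256",
           0x0804: "rsa_pss_rsae_sha256", 0x0807: "ed25519"}

def parse_extensions(block: bytes) -> dict:
    """Split a raw extensions block of (type, length, data) records."""
    exts, off = {}, 0
    while off < len(block):
        if off + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, off)
        off += 4
        if off + ext_len > len(block):
            raise ValueError("extension data overruns block")
        exts[ext_type] = block[off:off + ext_len]
        off += ext_len
    return exts

def scheme_list(data: bytes) -> list:
    """Decode a SignatureSchemeList: 2-byte length, then 2-byte code points."""
    if len(data) < 4 or len(data) % 2:
        raise ValueError("malformed SignatureSchemeList")
    (n,) = struct.unpack_from("!H", data, 0)
    if n != len(data) - 2:
        raise ValueError("SignatureSchemeList length mismatch")
    codes = struct.unpack_from("!%dH" % (n // 2), data, 2)
    return [SCHEMES.get(c, "0x%04x" % c) for c in codes]

def effective_algorithms(block: bytes, honors_cert_ext: bool = True) -> dict:
    """Return the lists that govern handshake and certificate signatures."""
    exts = parse_extensions(block)
    if SIG_ALGS not in exts:  # out of scope for this example
        raise ValueError("no signature_algorithms extension")
    handshake = scheme_list(exts[SIG_ALGS])
    if honors_cert_ext and SIG_ALGS_CERT in exts:
        certificate = scheme_list(exts[SIG_ALGS_CERT])
    else:
        # Extension absent, or peer ignores it: one list serves both purposes.
        certificate = handshake
    return {"handshake": handshake, "certificate": certificate}

def build_ext(ext_type: int, codes: list) -> bytes:
    """Encode one extension; used only to construct the sample data below."""
    body = struct.pack("!H%dH" % len(codes), 2 * len(codes), *codes)
    return struct.pack("!HH", ext_type, len(body)) + body

# Constructed sample blocks, not captured traffic.
ONLY_SIG_ALGS = build_ext(SIG_ALGS, [0x0804, 0x0403])
BOTH = ONLY_SIG_ALGS + build_ext(SIG_ALGS_CERT, [0x0401, 0x0403])
```

Comparing the "certificate" list for the same block with honors_cert_ext set to True and False shows how the two kinds of peer can disagree on which certificate signatures are acceptable.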

The System SSL/TLS system-level settings and GSKit attributes are tailored for TLSv1.3. During the transition, while TLSv1.2 is supported alongside TLSv1.3, System SSL/TLS merges both settings into the original "signature_algorithms" extension when appropriate, for increased interoperability.