src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
branchJDK-8145252-TLS13-branch
changeset 56584 a0f3377c58c7
parent 56561 5f23e0400f27
child 56592 b1902b22005e
--- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Mon May 21 15:40:25 2018 +0800
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java	Mon May 21 08:16:24 2018 -0700
@@ -104,6 +104,7 @@
     private PrivateKey          localPrivateKey;
     private final String[]      localSupportedSignAlgs;
     private String[]            peerSupportedSignAlgs;
+    private boolean             useDefaultPeerSignAlgs = false;
     private List<byte[]>        statusResponses;
     private SecretKey           resumptionMasterSecret;
     private SecretKey           preSharedKey;
@@ -332,6 +333,32 @@
             SignatureScheme.getAlgorithmNames(signatureSchemes);
     }
 
+    // TLS 1.2 only
+    //
+    // Per RFC 5246, If the client supports only the default hash
+    // and signature algorithms, it MAY omit the
+    // signature_algorithms extension.  If the client does not
+    // support the default algorithms, or supports other hash
+    // and signature algorithms (and it is willing to use them
+    // for verifying messages sent by the server, i.e., server
+    // certificates and server key exchange), it MUST send the
+    // signature_algorithms extension, listing the algorithms it
+    // is willing to accept.
+    void setUseDefaultPeerSignAlgs() {
+        useDefaultPeerSignAlgs = true;
+        peerSupportedSignAlgs = new String[] {
+            "SHA1withRSA", "SHA1withDSA", "SHA1withECDSA"};
+    }
+    
+    // Returns the connection session.
+    SSLSessionImpl finish() {
+        if (useDefaultPeerSignAlgs) {
+            this.peerSupportedSignAlgs = new String[0];
+        }
+        
+        return this;
+    }
+
     /**
      * Provide status response data obtained during the SSL handshake.
      *
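Review bot: finish() empties peerSupportedSignAlgs whenever useDefaultPeerSignAlgs is true, and nothing in these hunks ever sets the flag back to false. The setter whose tail is visible just above this hunk has its body outside the hunk, so this needs confirming, but if it can run after setUseDefaultPeerSignAlgs() with a list the peer really sent, finish() would silently discard that list. Clearing the flag there with `useDefaultPeerSignAlgs = false;` would make the two paths mutually exclusive. The comment on finish() also omits the mutation. Something like `// Clears the RFC 5246 implied SHA-1 defaults, which are assumed only for the handshake, then returns the connection session.` would state the apparent intent, namely that the finished session should not report algorithms the peer never advertised.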