Serving RSA and ECDSA from One ASP.NET Core Kestrel Endpoint

DEV Community: aspnet·Stas Sultanov·about 1 month ago

Most web servers are built for clients whose security behavior is handled by mainstream general-purpose operating systems. In that world, TLS handling by the web server is usually straightforward: one server name, one endpoint, one certificate chain, and broad interoperability across the signature schemes those stacks support. The situation is different when clients fall outside that mainstream. In IoT, device fleets, industrial gateways, legacy SDKs, or application-to-application integrations, clients often have hard restrictions on which server authentication algorithms, certificate public key types, and certificate signature schemes they can use. One important subset of those cases concerns the signature algorithms supported by the client. Cryptographic algorithms evolved over time, and different generations of clients ended up with support for different sets of algorithms. As a result, one client may support only RSA, another may support only ECDSA, and a third may support both.…
