Per TLS ECC spec [section 5.3, RFC 4492],
ECDHE_ECDSA Certificate MUST contain an
ECDSA-capable public key. It
MUST be signed with ECDSA.
With current JDK RSA signed EC-key certs cannot be used for ECDHE_ECDSA cipher suites.
The restrictions on the algorithm used to sign certificates are relaxed
in TLS 1.2 [RFC 5246]. Certificate signature algorithms are no longer
tied to cipher suites. But we have not removed the restrictions in our