All, Just a quick heads up of where I have got to.
TLSv1.3 cipher suite configuration is implemented in Tomcat Native and I think it is close to being ready for tagging. Depending on what else I find while working on the Tomcat side, it might be ready now.
I think I have a working TLSv1.3 cipher suite configuration for Tomcat 12.0.x but I still have some tests to write to confirm that. Supporting JSSE, OpenSSL and OpenSSL+FFM with different configuration styles creates a lot of different combinations.
The current TLSv1.3 work along with the OCSP work (both of which need a successful Native release before I can push changes to 12.0.x) have identified various bugs / oddities / edge cases. The flurry of commits this morning was me trying to pull forward fixes where the fixes don't depend on the TLSv1.3 or OCSP work. There may be a few more of these as I write a few more tests.
I'm hoping to get to the point where I'm ready to tag Tomcat Native later today.
While the Tomcat Native release votes are running, I plan to work on any open bugs / PRs / etc. Hopefully, I'll get these all resolved while the votes are running.
Once we have a new set of Tomcat Native releases (late this week / early next), I will update the minimum required version and apply the TLSv1.3 and OCSP changes to main, 11.0.x, 10.1.x and 9.0.x. Then I'll be ready to tag Tomcat 11.0.x. So I'm currently expecting the January releases to be available late next week / early the following week although that depends on both RM availability and everything else running as expected.
There are quite a few moving parts in all of this so the above plan may not survive but I expect the broad outline will remain.
Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
