On 21/01/2026 12:11, Christopher Schultz wrote:
Dimitris,
On 1/21/26 6:45 AM, Dimitris Soumis wrote:
On Wed, Jan 21, 2026 at 3:05 AM Mark Thomas <[email protected]> wrote:
The proposed Apache Tomcat 11.0.17 release is now available for voting.
The notable changes compared to 11.0.15 include:
- For configuration consistency between OpenSSL and JSSE TLS
implementations, TLSv1.3 cipher suites included in the ciphers
attribute of an SSLHostConfig are now always ignored (previously
they would be ignored with OpenSSL implementations and used with
JSSE implementations) and a warning is logged that the cipher
suite has been ignored.
- Expand OCSP support to JSSE based connections and expand OCSP
configuration options
- Update Commons Daemon to 1.5.1.
- Update Tomcat Native to 2.0.12 and increase the minimum version to
2.0.12 / 1.3.4
Shouldn't this be 1.3.5?
No, the version bundled with the build will be 2.0.12, but the minimum
version is still 1.3.4 and not 1.3.5.
I might argue that the "recommended version" should have been bumped
from 1.3.4 to 1.3.5,
I thought about it but since bug fixed in 1.3.5 only affects APR which
is 9.0.x only, I decided against it.
We could always update the recommended to the latest but historically
(as far as I can remember) we have updated the minimum when there was a
relevant bug fix and no API change.
but before 1.3.4, the API is incompatible so 1.3.4
is the correct "minimum version". That is, it's not possible to use
Tomcat 11.0.17 with a pre-1.3.4 tcnative version *at all*.
Exactly.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
