remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new ff6486165d Use jdk.tls.namedGroups as the default value for named
group list
ff6486165d is described below
commit ff6486165d2a789e733f6da78aef877c4c6939db
Author: remm <[email protected]>
AuthorDate: Wed Feb 18 09:23:29 2026 +0100
Use jdk.tls.namedGroups as the default value for named group list
---
java/org/apache/tomcat/util/net/AbstractEndpoint.java | 6 ++++++
java/org/apache/tomcat/util/net/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/SSLHostConfig.java | 6 +++++-
webapps/docs/changelog.xml | 5 +++++
4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 5e243b3438..2838757c95 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -406,6 +406,12 @@ public abstract class AbstractEndpoint<S, U> {
*/
protected void createSSLContext(SSLHostConfig sslHostConfig) throws
IllegalArgumentException {
+ // Initialize group list
+ LinkedHashSet<Group> groupList = sslHostConfig.getGroupList();
+ if (groupList != null && getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("endpoint.tls.enabledGroups",
groupList));
+ }
+
boolean firstCertificate = true;
for (SSLHostConfigCertificate certificate :
sslHostConfig.getCertificates(true)) {
SSLUtil sslUtil = sslImplementation.getSSLUtil(certificate);
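Review bot: The debug message added at the top of createSSLContext does not say which TLS virtual host the groups belong to, and nothing is logged when getGroupList() returns null, so an operator checking which key-exchange groups are in effect cannot tell hosts apart or tell whether the provider defaults apply. Consider passing the host name as well, `getLog().debug(sm.getString("endpoint.tls.enabledGroups", sslHostConfig.getHostName(), groupList));`, with the text in LocalStrings.properties updated to match. The call also appears to be there for its lazy-initialisation side effect, so the comment would be clearer as `// Parse the configured groups now so a bad value surfaces while the context is created`; that intent is inferred from the getter change in SSLHostConfig, so please confirm it. createSSLContext continues beyond the hunk.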
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index b18706aa64..48bf633470 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -116,6 +116,7 @@ endpoint.socketOptionsError=Error setting socket options
endpoint.timeout.err=Error processing socket timeout
endpoint.tls.cert.encodingError=Certificate fingerprints not available
endpoint.tls.cert.noCerts=Certificate details not available as the certificate
chain returned from the SSLContext was empty
+endpoint.tls.enabledGroups=Configured named groups {0} for the TLS connector
endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type
[{2}] configured from {3} with trust store [{4}]
endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 5a3fdc05f1..45d27d0b85 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -136,7 +136,7 @@ public class SSLHostConfig implements Serializable {
private String truststoreProvider =
System.getProperty("javax.net.ssl.trustStoreProvider");
private String truststoreType =
System.getProperty("javax.net.ssl.trustStoreType");
private transient KeyStore truststore = null;
- private String groups = null;
+ private String groups = System.getProperty("jdk.tls.namedGroups");
private LinkedHashSet<Group> groupList = null;
// OpenSSL
private String certificateRevocationListPath;
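Review bot: The new initialiser on `groups` makes a JVM-wide property the default for every SSLHostConfig, but that property's value is written for JSSE while the string is parsed by setGroups(), whose body is outside this hunk. If setGroups() accepts only the names Tomcat's Group type knows, a value the JDK accepts (different spelling, surrounding whitespace, or a group Tomcat does not list) might now fail connector start-up or drop entries where it was previously ignored, so that path deserves a test with a representative property value. SSLHostConfig also carries OpenSSL settings (the `// OpenSSL` fields just below), so it is worth stating whether the JSSE property is meant to apply to non-JSSE implementations too. The field would benefit from a comment such as `// Defaults to the jdk.tls.namedGroups system property; setGroups() replaces it`, and since the diffstat shows only changelog.xml changed under webapps/docs, the configuration reference for the groups attribute presumably still needs the new default.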
@@ -720,6 +720,10 @@ public class SSLHostConfig implements Serializable {
* @return the groupList
*/
public LinkedHashSet<Group> getGroupList() {
+ if (groupList == null) {
+ // Initialize groups list with the default value
+ setGroups(this.groups);
+ }
return this.groupList;
}
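Review bot: getGroupList() now calls the setter on every read while the list stays null, because the guard tests only `groupList == null`, and the `groupList != null` check added in AbstractEndpoint suggests the list can remain null after setGroups(this.groups), for example when the system property is unset. If that is the case, tightening the condition to `if (groupList == null && groups != null) {` avoids re-running the setter on each call. The getter also inherits the setter's failure modes, so if setGroups() throws on an unrecognised name (its body is outside the hunk) the Javadoc should gain a matching `@throws` line. The lazy initialisation is unsynchronised, which is safe only if the configuration is read from one thread during start-up; a one-line comment stating that assumption would help.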
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f643327cbd..69bdbd4c94 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -263,6 +263,11 @@
Update the minimum recommended version of Tomcat Native so that users
of
1.3.x are recommended to update to 2.0.x. (markt)
</update>
+ <fix>
+ Respect the value for the <code>jdk.tls.namedGroups</code> system
+ property as the default value for the configured group list on the
+ Connector. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">