This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 2c902e00c7 Use jdk.tls.namedGroups as the default value for named 
group list
2c902e00c7 is described below

commit 2c902e00c77e1dda8daf2a4bc436b0b61b35e140
Author: remm <[email protected]>
AuthorDate: Wed Feb 18 09:23:29 2026 +0100

    Use jdk.tls.namedGroups as the default value for named group list
---
 java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java | 6 ++++++
 java/org/apache/tomcat/util/net/LocalStrings.properties   | 1 +
 java/org/apache/tomcat/util/net/SSLHostConfig.java        | 6 +++++-
 webapps/docs/changelog.xml                                | 5 +++++
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java 
b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
index 9a4b8fa37f..2c82a67c6f 100644
--- a/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java
@@ -91,6 +91,12 @@ public abstract class AbstractJsseEndpoint<S, U> extends 
AbstractEndpoint<S,U> {
     @Override
     protected void createSSLContext(SSLHostConfig sslHostConfig) throws 
IllegalArgumentException {
 
+        // Initialize group list
+        LinkedHashSet<Group> groupList = sslHostConfig.getGroupList();
+        if (groupList != null && getLog().isDebugEnabled()) {
+            getLog().debug(sm.getString("endpoint.tls.enabledGroups", 
groupList));
+        }
+
         boolean firstCertificate = true;
         for (SSLHostConfigCertificate certificate : 
sslHostConfig.getCertificates(true)) {
             SSLUtil sslUtil = sslImplementation.getSSLUtil(certificate);
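Review bot: The new block at the top of createSSLContext calls getGroupList() mainly for its side effect of parsing the groups string, and the local `groupList` is only used for the debug message, which `// Initialize group list` does not make clear. A comment such as `// Forces lazy parsing of the configured groups (default: jdk.tls.namedGroups) before any SSLContext is built` would state the intent. Since the effective key-exchange groups can now come from a JVM-wide property instead of the connector configuration, consider logging them at info level and naming the source, so the TLS configuration can be audited without debug logging. If setGroups rejects a value (its body is not in this diff), the exception would presumably surface from this call. The method continues past the end of the hunk.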
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 6c3525ecfd..a07bfdd651 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -141,6 +141,7 @@ endpoint.socketOptionsError=Error setting socket options
 endpoint.timeout.err=Error processing socket timeout
 endpoint.tls.cert.encodingError=Certificate fingerprints not available
 endpoint.tls.cert.noCerts=Certificate details not available as the certificate 
chain returned from the SSLContext was empty
+endpoint.tls.enabledGroups=Configured named groups {0} for the TLS connector
 endpoint.tls.info=Connector [{0}], TLS virtual host [{1}], certificate type 
[{2}] configured from {3} with trust store [{4}]
 endpoint.tls.info.cert.keystore=keystore [{0}] using alias [{1}]
 endpoint.tls.info.cert.keystore.direct=Set directly - location unknown
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index 9944ea42b0..50c32f535c 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -134,7 +134,7 @@ public class SSLHostConfig implements Serializable {
     private String truststoreProvider = 
System.getProperty("javax.net.ssl.trustStoreProvider");
     private String truststoreType = 
System.getProperty("javax.net.ssl.trustStoreType");
     private transient KeyStore truststore = null;
-    private String groups = null;
+    private String groups = System.getProperty("jdk.tls.namedGroups");
     private LinkedHashSet<Group> groupList = null;
     // OpenSSL
     private String certificateRevocationListPath;
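Review bot: The new default on `groups` passes the raw `jdk.tls.namedGroups` value to Tomcat's own group parsing, and nothing visible in this diff checks that the two accept the same names and syntax. If setGroups (not shown) throws on or silently drops a name it does not recognise, a deployment that already sets the property for other JSSE uses could fail to start, or negotiate a different group set than intended, after upgrading. A field comment such as `// Default taken from jdk.tls.namedGroups at construction; names must be ones setGroups accepts` would record this, along with a test that covers a property value containing a name unknown to `Group`. The property is read once per instance, so later changes to it do not affect hosts that already exist.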
@@ -774,6 +774,10 @@ public class SSLHostConfig implements Serializable {
      * @return the groupList
      */
     public LinkedHashSet<Group> getGroupList() {
+        if (groupList == null) {
+            // Initialize groups list with the default value
+            setGroups(this.groups);
+        }
         return this.groupList;
     }
 
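Review bot: getGroupList() now mutates state, but its Javadoc still says only `@return the groupList`. It should mention the lazy parse and that null is still possible, e.g. `@return the parsed group list, lazily initialised from the groups attribute (default jdk.tls.namedGroups), or null if none is configured`. When `groups` is null the `groupList == null` test presumably stays true, so setGroups(null) runs on every call; `if (groupList == null && groups != null)` would avoid that, assuming setGroups(null) is a no-op (its body is outside this diff). The lazy write is unsynchronised, which matters only if this getter can be reached from more than one thread.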
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0308d306fd..8d239dcfff 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -147,6 +147,11 @@
         Log an information message if an APR Connector is used, recommending
         that the appropriate NIO Connector is used instead. (markt)
       </add>
+      <fix>
+        Respect the value for the <code>jdk.tls.namedGroups</code> system
+        property as the default value for the configured group list on the
+        Connector. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

