Hello,

When using "protocols" TLSv1.3 in SSLHostConfig with the HTTP 1.1 protocol
(Http11NioProtocol or Http11Nio2Protocol) and
certificateVerification=optional, we see the below warning in the logs:

13-Jun-2025 11:42:58.453 WARNING [catalina-exec-1] 
org.apache.tomcat.util.net.SSLUtilBase.<init> The JSSE TLS 1.3 implementation 
does not support post handshake authentication (PHA) and is therefore 
incompatible with optional certificate authentication

Looking at https://www.rfc-editor.org/rfc/rfc8740.html, it seems like TLS 1.3
does not support PHA only in the case of HTTP/2 and not for HTTP/1.1. Is this
understanding correct?
If yes, could we update the warning to be logged only when HTTP/2 is used, or at
least update the message to "The JSSE TLS 1.3 implementation does not support post
handshake authentication (PHA) for HTTP/2..."?

Thanks,
Amit




