On Tue, Feb 17, 2026 at 2:38 PM Benny Prange <[email protected]> wrote:
>
> Hi there,
>
> It seems that with the introduction of
> https://bz.apache.org/bugzilla/show_bug.cgi?id=69800, some Java JSSE
> Properties are ignored if passed as a Java Property.
> In detail, I could verify that the properties "jdk.tls.ephemeralDHKeySize"
> and "jdk.tls.namedGroups" are ignored, when the used Java version is 21 or
> 25. The properties are however used with Java 17. I tested this with Tomcat
> 11.0.18.
> Additionally, I tested Java 25 with Tomcat 11.0.11. This is the release
> before the aforementioned bug, and in that version the properties are still
> used.
>
> I guess that this is a bug, because in the default catalina.sh file,
> "-Djdk.tls.ephemeralDHKeySize=2048" is still set as a Java option, but this
> has no effect starting with Tomcat 11.0.12 and Java 21 or newer. In this
> scenario, Tomcat offers ffdhe2024 through ffdhe8192, whereas with 11.0.11
> only ffdhe2024 is offered (as expected).
>
> It would be highly appreciated if my assumption is correct, that this is
> indeed a bug, and if I should create a bug report for that.

For jdk.tls.namedGroups you should be using the new configuration. For
jdk.tls.ephemeralDHKeySize I'm not sure; I don't think this is so useful
anymore.

Rémy

> Thanks and best regards,
> Benny
