On Tue, Feb 17, 2026 at 2:38 PM Benny Prange
<[email protected]> wrote:
>
> Hi there,
>
> It seems that with the introduction of
> https://bz.apache.org/bugzilla/show_bug.cgi?id=69800, some Java JSSE
> Properties are ignored if passed as a Java Property.
> In detail, I could verify that the properties "jdk.tls.ephemeralDHKeySize"
> and "jdk.tls.namedGroups" are ignored when the used Java version is 21 or
> 25. The properties are however used with Java 17. I tested this with Tomcat
> 11.0.18.
> Additionally, I tested Java 25 with Tomcat 11.0.11. This is the release
> before the aforementioned bug, and in that version the properties are still
> used.
>
> I guess that this is a bug, because in the default catalina.sh file,
> "-Djdk.tls.ephemeralDHKeySize=2048" is still set as a Java option, but this
> has no effect starting with Tomcat 11.0.12 and Java 21 or newer. In this
> scenario, Tomcat offers ffdhe2024 through ffdhe8192, whereas with 11.0.11
> only ffdhe2024 is offered (as expected).
>
> It would be highly appreciated if my assumption is correct, that this is
> indeed a bug, and if I should create a bug report for that.

I added back support for "jdk.tls.namedGroups" as it is done for other
system properties, which are used to initialize the default value.
I don't see any direct impact of any updates for
"jdk.tls.ephemeralDHKeySize" however, so I am not sure. In the Java
code, this is not used to set something that would be overridden,
unlike the group configuration, and no relevant changes to our JSSE
code have been made.

Rémy
