(tomcat) branch main updated: Add OpenSSL 4 groups

Wed, 22 Apr 2026 09:19:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmaucher pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 9d132d325d Add OpenSSL 4 groups
9d132d325d is described below

commit 9d132d325d0b936a927822cb891b67f404975293
Author: remm <[email protected]>
AuthorDate: Wed Apr 22 18:18:10 2026 +0200

    Add OpenSSL 4 groups
    
    Listed in openssl list -tls-groups -tls1_3.
    Unsure about the signature scheme yet, but it's in the TLS 1.3 specs.
---
 java/org/apache/tomcat/util/net/openssl/ciphers/Group.java          | 6 +++++-
 .../org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java | 6 +++++-
 webapps/docs/changelog.xml                                          | 3 +++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java 
b/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
index 2fe0abde19..d2d3d0b9ba 100644
--- a/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
+++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
@@ -41,6 +41,9 @@ public enum Group {
     ffdhe6144(0x0103),
     ffdhe8192(0x0104),
 
+    // SM2 Curve
+    curveSM2(0x0029),
+
     // Post-Quantum Key Exchange
     MLKEM512(0x0200),
     MLKEM768(0x0201),
@@ -49,7 +52,8 @@ public enum Group {
     // Hybrid Key Exchange
     SecP256r1MLKEM768(0x11EB),
     X25519MLKEM768(0x11EC),
-    SecP384r1MLKEM1024(0x11ED);
+    SecP384r1MLKEM1024(0x11ED),
+    curveSM2MLKEM768(0x11EE);
 
     private final int id;
 
diff --git 
a/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java 
b/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
index 129410496c..a6b1e63cc1 100644
--- a/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
+++ b/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
@@ -73,7 +73,11 @@ public enum SignatureScheme {
     slhdsa_shake_192s(0x0919, Authentication.MLDSA),
     slhdsa_shake_192f(0x091a, Authentication.MLDSA),
     slhdsa_shake_256s(0x091b, Authentication.MLDSA),
-    slhdsa_shake_256f(0x091c, Authentication.MLDSA);
+    slhdsa_shake_256f(0x091c, Authentication.MLDSA),
+
+    // SM2 algorithms
+    // Note: Mapped to ML-DSA for now, since not confirmed to be working
+    sm2sig_sm3(0x0708, Authentication.MLDSA);
 
     private final int id;
     private final Authentication auth;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6cfefb6ba2..fa3214b054 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -292,6 +292,9 @@
         Refactor HTTP/2 HPACK encoding so field names are only converted to
         lower case once during the encoding process. (markt)
       </fix>
+      <fix>
+        Add TLS 1.3 groups added in OpenSSL 4.0. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to