This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new ecb0f82d3f Add OpenSSL 4 groups
ecb0f82d3f is described below
commit ecb0f82d3fa4bf7ef6506662893178644dea3f5c
Author: remm <[email protected]>
AuthorDate: Wed Apr 22 18:18:10 2026 +0200
Add OpenSSL 4 groups
Listed in openssl list -tls-groups -tls1_3.
Unsure about the signature scheme yet, but it's in the TLS 1.3 specs.
---
java/org/apache/tomcat/util/net/openssl/ciphers/Group.java | 6 +++++-
.../org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java | 6 +++++-
webapps/docs/changelog.xml | 3 +++
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
b/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
index 2fe0abde19..d2d3d0b9ba 100644
--- a/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
+++ b/java/org/apache/tomcat/util/net/openssl/ciphers/Group.java
@@ -41,6 +41,9 @@ public enum Group {
ffdhe6144(0x0103),
ffdhe8192(0x0104),
+ // SM2 Curve
+ curveSM2(0x0029),
+
// Post-Quantum Key Exchange
MLKEM512(0x0200),
MLKEM768(0x0201),
@@ -49,7 +52,8 @@ public enum Group {
// Hybrid Key Exchange
SecP256r1MLKEM768(0x11EB),
X25519MLKEM768(0x11EC),
- SecP384r1MLKEM1024(0x11ED);
+ SecP384r1MLKEM1024(0x11ED),
+ curveSM2MLKEM768(0x11EE);
private final int id;
diff --git
a/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
b/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
index 129410496c..a6b1e63cc1 100644
--- a/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
+++ b/java/org/apache/tomcat/util/net/openssl/ciphers/SignatureScheme.java
@@ -73,7 +73,11 @@ public enum SignatureScheme {
slhdsa_shake_192s(0x0919, Authentication.MLDSA),
slhdsa_shake_192f(0x091a, Authentication.MLDSA),
slhdsa_shake_256s(0x091b, Authentication.MLDSA),
- slhdsa_shake_256f(0x091c, Authentication.MLDSA);
+ slhdsa_shake_256f(0x091c, Authentication.MLDSA),
+
+ // SM2 algorithms
+ // Note: Mapped to ML-DSA for now, since not confirmed to be working
+ sm2sig_sm3(0x0708, Authentication.MLDSA);
private final int id;
private final Authentication auth;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c26ad8eda9..a237dd30a9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -185,6 +185,9 @@
Refactor HTTP/2 HPACK encoding so field names are only converted to
lower case once during the encoding process. (markt)
</fix>
+ <fix>
+ Add TLS 1.3 groups added in OpenSSL 4.0. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
