Rémy,
On 2/19/26 6:07 AM, Rémy Maucherat wrote:
On Wed, Feb 11, 2026 at 11:34 AM Mark Thomas <[email protected]> wrote:
On 11/02/2026 10:15, Michael Osipov wrote:
On 2026/02/10 17:54:26 Mark Thomas wrote:
All,
If we can get users off the APR connector and, for those that need
OpenSSL, using Tomcat Native 2.0.x rather than 1.3.x the 9.0.x to 9.1.x
migration will be no different to a point release update.
With that in mind, what do folks think about the following:
(keep in mind this will happen *after* the 9.0.x EOS, 9.x LTS and Tomcat
Native 1.3.x EOS announcements)
1. Increase the minimum recommended version of Tomcat Native to 2.0.12
for 10.1.x onwards.
2. For 9.0.x, log a warning if the APR/Native connector is used
recommending switching to NIO / NIO+OpenSSL if they want the OpenSSL TLS
implementation.
I initially thought of making the minimum recommended version of Tomcat
Native 2.0.12 for 9.0.x as well but that would mean an out of the box
Tomcat 9 install is going to warn that Tomcat Native should be upgraded.
Thoughts?
I have a few:
* Add the warning to 1.3.x configure.ac as well
That should be doable.
* We have a half-state of terms in the source tree:
osipovmi@deblndw011x:~/var/Projekte/tomcat (apache-main =)
$ find . -name Apr\*
./java/org/apache/catalina/core/AprLifecycleListener.java
./java/org/apache/tomcat/jni/AprStatus.java
Any plans to make this right? E.g., get rid of Apr in favor of TomcatNative?
There might be also other spots as well.
No plans at present. It would be a disruptive change for no functional
benefit.
Tomcat Native will (eventually) go away in favour of FFM. I am hopeful
that will start in Tomcat 13.
Doing that is more or less mandatory given the use of Unsafe to
deallocate direct ByteBuffer otherwise.
I think we should swap the default config in Tomcat 12:
<!-- OpenSSL support using Tomcat Native -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" />
<!-- OpenSSL support using FFM API from Java 22 -->
<!-- <Listener
className="org.apache.catalina.core.OpenSSLLifecycleListener" /> -->
So comment out AprLifecycleListener and uncomment
OpenSSLLifecycleListener. Or leave both commented out, I don't know.
The only potential counterpoint to this proposal is that Jakarta EE 12
will only require Java 21 and not 22 (likely since 21 is LTS while 22 is
not). It's a shame, and I'm fairly confident you've pointed this sad
state out in the past.
I think it's probably okay for Apache Tomcat to say "Tomcat 12 is
Jakarta EE 12, *except* you need Java 22 or later specifically to use
OpenSSL".
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
