Hi there,

It seems that with the introduction of https://bz.apache.org/bugzilla/show_bug.cgi?id=69800, some Java JSSE properties are ignored if passed as a Java property. In detail, I could verify that the properties "jdk.tls.ephemeralDHKeySize" and "jdk.tls.namedGroups" are ignored when the Java version used is 21 or 25. The properties are, however, used with Java 17. I tested this with Tomcat 11.0.18. Additionally, I tested Java 25 with Tomcat 11.0.11. This is the release before the aforementioned bug, and in that version the properties are still used.

I guess that this is a bug, because in the default catalina.sh file, "-Djdk.tls.ephemeralDHKeySize=2048" is still set as a Java option, but this has no effect starting with Tomcat 11.0.12 and Java 21 or newer. In this scenario, Tomcat offers ffdhe2024 through ffdhe8192, whereas with 11.0.11 only ffdhe2024 is offered (as expected). It would be highly appreciated if you could confirm whether my assumption is correct, that this is indeed a bug, and whether I should create a bug report for it.

Thanks and best regards,
Benny
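To check from the outside which FFDHE groups a Tomcat connector will actually negotiate (the observation described above), here is an added probe written for this thread; it is not code from Tomcat or from the poster. It assumes a TLS 1.3-capable connector on localhost:8443 (placeholder) and a client JVM of Java 20 or newer, and offers exactly one group per handshake: a server limited to ffdhe2048 should report "refused" for every larger group.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.CertificateException;

/**
 * Asks a TLS 1.3 server, one group at a time, whether it will negotiate a
 * given RFC 7919 FFDHE group. In TLS 1.3 the server must pick a group from
 * the client's supported_groups before it sends its certificate, so a server
 * restricted to ffdhe2048 aborts the handshake when only ffdhe4096 is offered.
 * Requires Java 20 or newer for SSLParameters.setNamedGroups().
 */
public class FfdheGroupProbe {

    static final String[] FFDHE_GROUPS = {
        "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192"};

    /** Returns "negotiated", "refused" or "untrusted-cert" for one group. */
    static String probe(String host, int port, String group) throws Exception {
        // Uses the JVM's default trust store; point it at the connector's CA
        // with -Djavax.net.ssl.trustStore=... if the certificate is private.
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        try (SSLSocket sock = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = sock.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.3"});
            params.setNamedGroups(new String[] {group}); // offer only this group
            sock.setSSLParameters(params);
            sock.startHandshake();
            return "negotiated";
        } catch (SSLHandshakeException e) {
            // Certificate problems surface only after the group was accepted,
            // so they still mean the server is willing to use this group.
            if (e.getCause() instanceof CertificateException) {
                return "untrusted-cert";
            }
            return "refused";
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder defaults: the Tomcat HTTPS connector under test.
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;
        for (String group : FFDHE_GROUPS) {
            System.out.printf("%-9s %s%n", group, probe(host, port, group));
        }
    }
}
```

Run it once against Tomcat 11.0.11 and once against 11.0.18 with the same "-Djdk.tls.namedGroups=ffdhe2048" connector JVM; a difference in which groups come back "negotiated" reproduces the regression without relying on an external scanner.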
