Preface

This is the Changelog for Tomcat Native 1.3.x. The Tomcat Native 1.3.x branch started from the 1.2.39 tag.

2026-01-19 1.3.5

  • Fix: Remove group write permissions from the files in the tar.gz source archive. (markt)
  • Fix: Clear an additional error in OCSP processing that was preventing OCSP soft fail working with Tomcat's APR/native connector. (markt)

2026-01-12 1.3.4

  • Fix: Correct logic error that prevented the configuration of TLS 1.3 cipher suites. (markt)

not released 1.3.3

  • Fix: Refactor the addition of TLS 1.3 cipher suite configuration to avoid a regression when running a version of Tomcat that pre-dates this change. (markt)

not released 1.3.2

  • Update: Rename configure.in to modern autotools style configure.ac. (rjung)
  • Update: Fix incomplete updates for autotools generated files during "buildconf" execution. (rjung)
  • Update: Improve quoting in tcnative.m4. (rjung)
  • Update: Update the minimum version of autoconf for releasing to 2.68. (rjung)
  • Fix: Fix the autoconf warnings when creating a release. (markt)
  • Update: The Windows binaries are now built with OCSP support enabled by default. (markt)
  • Add: Include a nonce with OCSP requests and check the nonce, if any, in the OCSP response. (markt)
  • Add: Expand verification of OCSP responses. (markt)
  • Add: Add the ability to configure the OCSP checks to soft-fail - i.e. if the responder cannot be contacted or fails to respond in a timely manner the OCSP check will not fail. (markt)
  • Add: Add a configurable timeout to the writing of OCSP requests and reading of OCSP responses. (markt)
  • Add: Add the ability to control the OCSP verification flags. (markt)
  • Add: Configure TLS 1.3 connections from the provided ciphers list as well as connections using TLS 1.2 and earlier. Pull request provided by gastush. (markt)
  • Update: Update the Windows build environment to use Visual Studio 2022. (markt)

2024-07-24 1.3.1

  • Fix: Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo)
  • Add: Use ERR_error_string_n with a definite buffer length as a named constant. (schultz)
  • Add: Ensure local reference capacity is available when creating new arrays and Strings. (schultz)
  • Update: Update the recommended minimum version of OpenSSL to 3.0.14. (markt)

2024-02-12 1.3.0

  • Update: Drop useless compile.optimize option. (michaelo)
  • Update: Align Java source compile configuration with Tomcat. (michaelo)
  • Fix: Fix version set in DLL header on Windows. (michaelo)
  • Update: Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo)
  • Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be used. (michaelo)
  • Update: Update the minimum supported version of LibreSSL to 3.5.2. (markt)
  • Design: Remove NPN support as NPN was never standardised and browser support was removed in 2019. (markt)
  • Update: Update the recommended minimum version of OpenSSL to 3.0.13. (markt)

Changes in 1.2.x

Please see the 1.2.x changelog.

Changes in 1.1.x

Please see the 1.1.x changelog.