  Preface

   This is the Changelog for Tomcat Native 1.3.x. The Tomcat Native 1.3.x
   branch started from the 1.2.39 tag.

  Changes in 1.3.4

     * Fix: Correct logic error that prevented the configuration of TLS 1.3
       cipher suites. (markt)

  Changes in 1.3.3 (not released)

     * Fix: Refactor the addition of TLS 1.3 cipher suite configuration to
       avoid a regression when running a version of Tomcat that pre-dates
       this change. (markt)

  Changes in 1.3.2 (not released)

     * Update: Rename configure.in to modern autotools style configure.ac.
       (rjung)
     * Update: Fix incomplete updates for autotools generated files during
       "buildconf" execution. (rjung)
     * Update: Improve quoting in tcnative.m4. (rjung)
     * Update: Update the minimum version of autoconf for releasing to 2.68.
       (rjung)
     * Fix: Fix the autoconf warnings when creating a release. (markt)
     * Update: The Windows binaries are now built with OCSP support enabled
       by default. (markt)
     * Add: Include a nonce with OCSP requests and check the nonce, if any,
       in the OCSP response. (markt)
     * Add: Expand verification of OCSP responses. (markt)
     * Add: Add the ability to configure the OCSP checks to soft-fail - i.e.
       if the responder cannot be contacted or fails to respond in a timely
       manner the OCSP check will not fail. (markt)
     * Add: Add a configurable timeout to the writing of OCSP requests and
       reading of OCSP responses. (markt)
     * Add: Add the ability to control the OCSP verification flags. (markt)
     * Add: Configure TLS 1.3 connections from the provided ciphers list as
       well as connections using TLS 1.2 and earlier. Pull request provided
       by gastush. (markt)
     * Update: Update the Windows build environment to use Visual Studio
       2022. (markt)

  Changes in 1.3.1

     * Fix: Fix a crash on Windows when SSLContext.setCACertificate() is
       invoked with a null value for caCertificateFile and a non-null value
       for caCertificatePath until properly addressed with
       https://github.com/openssl/openssl/issues/24416. (michaelo)
     * Add: Use ERR_error_string_n with a definite buffer length as a named
       constant. (schultz)
     * Add: Ensure local reference capacity is available when creating new
       arrays and Strings. (schultz)
     * Update: Update the recommended minimum version of OpenSSL to 3.0.14.
       (markt)

  Changes in 1.3.0

     * Update: Drop useless compile.optimize option. (michaelo)
     * Update: Align Java source compile configuration with Tomcat.
       (michaelo)
     * Fix: Fix version set in DLL header on Windows. (michaelo)
     * Update: Remove an unreachable if condition around CRLs in
       sslcontext.c. (michaelo)
     * Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(),
       the default verify paths are no longer set. Only the explicitly
       configured trust store, if any, will be used. (michaelo)
     * Update: Update the minimum supported version of LibreSSL to 3.5.2.
       (markt)
     * Design: Remove NPN support as NPN was never standardised and browser
       support was removed in 2019. (markt)
     * Update: Update the recommended minimum version of OpenSSL to 3.0.13.
       (markt)

  Changes in 1.2.x

   Please see the 1.2.x changelog.

  Changes in 1.1.x

   Please see the 1.1.x changelog.

   Copyright  2008-2026, The Apache Software Foundation
