How to fix the following warning message:
2026-04-08 16:09:04.157 <ZWEAGW1:main:67175560> ZWESVUSR WARN ((o.a.t.u.n.j.JSSEUtil)) Tomcat interprets the [ciphers] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [ciphers] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256]]
ZOWE v3.3
Java 17
Using Java 17 with Zowe (specifically with the IBM Semeru Runtime Certified Edition for z/OS) triggers these warnings because static ECDH cipher suites are now explicitly disabled in the java.security configuration file via the jdk.tls.disabledAlgorithms property, as they do not provide forward secrecy.
Ephemeral ECDHE, which provides forward secrecy, is the allowed modern standard in Java 17.
To resolve the warning, explicitly define a list of supported ciphers in ZOWE.yaml:
zowe:
  network:
    server:
      tls:
        # Explicitly list only modern, non-static ciphers
        ciphers:
          - "TLS_AES_256_GCM_SHA384"
          - "TLS_AES_128_GCM_SHA256"
          - "TLS_CHACHA20_POLY1305_SHA256"
          - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
          - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
          - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
          - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
The ciphers listed above are examples. Please ensure the final list matches your organization’s security standards and the capabilities of your configured SSL engine.
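To confirm which suites the configured SSL engine accepts before editing the cipher list, the following added example (not part of the original article or of Zowe's code) asks the JVM's default JSSE context about each candidate and prints the jdk.tls.disabledAlgorithms value it is running with. The class name CipherCheck is an assumption; the default candidates are the suites from the configuration above plus the four named in the warning.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name): reports which cipher suites
// the JSSE engine of the running JVM will accept.
public class CipherCheck {
    public static void main(String[] args) throws Exception {
        // Candidates: pass suite names as arguments, or use the defaults below
        // (the seven suites from the YAML above plus the four the warning skipped).
        List<String> candidates = args.length > 0 ? Arrays.asList(args) : List.of(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256");

        SSLContext ctx = SSLContext.getDefault();
        // Suites the engine can offer at all, and the subset enabled by default.
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println();

        for (String suite : candidates) {
            String state = enabled.contains(suite) ? "enabled"
                : supported.contains(suite) ? "supported, not enabled by default"
                : "not available (disabled or unknown to this runtime)";
            System.out.printf("%-45s %s%n", suite, state);
        }
    }
}
```

Run it as `java CipherCheck.java` with the same Java runtime that Zowe is configured to use; any suite reported as not available would be skipped by Tomcat and should be left out of the ciphers list.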