The `jdk.httpclient.bufsize` system property[1] is used by `HttpClient` through the `jdk.internal.net.http.common.Utils#BUFSIZE` constant. The user-provided value is not validated (e.g., negative values are accepted) and, as hinted by [~dfuchs], can be clamped[2].

[1]: https://docs.oracle.com/en/java/javase/25/docs/api/java.net.http/module-summary.html
[2]: https://github.com/openjdk/jdk/pull/26876/files#r2333555522