wolfSSL JNI and JSSE Provider 1.17.0

To download the release bundle of wolfSSL JNI/JSSE visit the download page at www.wolfssl.com/download/

Release 1.17.0 has bug fixes and new features including:

New JSSE Functionality:

• Add JSSE-level Pre-Shared Key (PSK) support via WolfSSLParameters for SSLSocket/SSLEngine (PR 340)
• Add Java 9+ module support (JPMS) with conditional module-info.java compilation for jlink compatibility (PR 324)
• Add CertPathTrustManagerParameters and KeyStoreBuilderParameters support in WolfSSLTrustManager (PR 310)

New JNI Functionality:

• Add WolfSSL.getSNIFromBuffer() wrapping wolfSSL_SNI_GetFromBuffer() for SNI extraction from raw ClientHello (PR 339)
• Add RSA-PSS sign/verify and RSA sign check PK callback support (PR 338)
• Add pathLen parameter to WolfSSLCertificate/WolfSSLCertRequest.addExtension() for Basic Constraints (PR 341)
• Add CRL generation wrappers in WolfSSLCRL (PR 315)
• Add CRL decode wrappers in WolfSSLCRL for parsing and inspecting existing CRL data (PR 333)
• Add SKID, AKID, CRL Dist Points, and Netscape Cert Type extension support in WolfSSLCertificate (PR 317)
• Add X.509 Name Constraints extension support with WolfSSLNameConstraints/WolfSSLGeneralName (PR 316)
• Add extended AIA interface to retrieve OCSP and CA Issuer URLs separately from certs (PR 323)
• Add WolfSSLAltName class for extended SAN parsing including otherName (MS AD UPN), iPAddress, and directoryName GeneralName types (PR 313)

New Property Support:

• Add wolfjsse.skipFIPSCAST Security property to skip automatic FIPS CAST execution during wolfJSSE init (PR 342)
• Add wolfssl.skipLibraryLoad System property to skip automatic System.loadLibrary() calls (PR 325)

JNI and JSSE Changes:

• Limit SSLSocket write chunk size to 16384 (2^14) bytes (PR 308)
• Fix SSLEngine BUFFER_UNDERFLOW handling for partial TLS records where only header was available (PR 334)
• Fix SSLEngine BUFFER_OVERFLOW handling to stash decrypted application data and retry instead of losing data (PR 334)
• Fix SSLEngine close/shutdown state transitions and close_notify handshake status reporting (PR 334, 354)
• Fix SSLSocket.close() throwing duplicate exception when the initial connection had already failed (PR 330, 354)
• Fix SSLEngine.unwrap() incorrectly returning BUFFER_UNDERFLOW when all bytes were consumed but more ciphertext needed (PR 351)
• Throw SSLHandshakeException instead of SSLException on handshake errors for Spring Boot compatibility (PR 310)
• Throw SSLPeerUnverifiedException from getPeerCertificates() on server side when no client auth requested (PR 310)
• Improve SSLEngine SNI handling: prefer configured SNI for hostname verification, enforce server-side SNIMatcher after handshake, enable auto-SNI for SSLEngine(host, port), fix stale SNI cache on session resumption (PR 334, 349)
• Support SSLEngine(host, -1) unknown-port hints for Netty compatibility (PR 334)
• Fix session timeout boundary behavior and filter invalid/expired sessions from SSLSessionContext enumeration (PR 334)
• Return X500Principal from getPeerPrincipal() and getLocalPrincipal() for proper Java X.509 principal compatibility (PR 334)
• Add equals() and hashCode() to WolfSSLX509 for comparison compatibility with frameworks that check cert equality (PR 334)
• Return non-null signature algorithm arrays from ExtendedSSLSession methods (PR 334)
• Fix WolfSSLTrustX509.getAcceptedIssuers() operator precedence returning incorrect trusted issuers (PR 334)
• Fix OCSP chain issuer handling to correctly use provided certificate chain entries (PR 334)
• Skip certificate-only trust entries without private keys in chooseClientAlias() key selection (PR 310)
• Filter anon suites from default enabled cipher suite list, matching jdk.tls.disabledAlgorithms behavior (PR 343)
• Filter available cipher suites based on configured TLS version in getAvailableCipherSuitesIana() (PR 318)
• Fix WolfSSLSession.read() ByteBuffer reading more bytes than requested (PR 353)
• Fix PSK client identity copy / key length validation against max buffer sizes (PR 346)
• Fix x509_getDer() potential crash due to missing jbyteArray allocation before SetByteArrayRegion (PR 347)
• Fix possible null dereference in WolfSSLSession.setServerID() before id.length access (PR 344)
• Fix possible null crash in CertManagerLoadCA() when null certFile or certPath passed from Java (PR 345)
• Fix possible null dereference in WolfSSLTrustManager.LoadAndroidSystemCertsManually() on Android (PR 344)

• Fix SHA-224 signature type string typo where SHA244 was used instead of SHA224 (PR 345)
• Fix FD_SETSIZE bounds check in socketSelect() before FD_SET calls to prevent undefined behavior with high file descriptors (PR 345)
• Fix potential I/O stall from stale pollRx/pollTx flags not being reset between I/O loop iterations (PR 345)
• Fix JVM thread leaks from missing DetachCurrentThread in ALPN, verify, and CRL native callbacks (PR 346, 347, 353)
• Fix memory leak of internCtx on NewGlobalRef failure in PK callback setup functions (PR 356)
• Fix thread-safety issue in native PK callbacks when multiple SSL sessions active (PR 345)
• Deregister native FIPS error callback on library cleanup to prevent callbacks into garbage-collected Java objects (PR 337)

Example Changes:

• Add PSK example applications for SSLSocket and SSLEngine client/server (PR 340)
• Add DualProviderFIPSTest example for wolfJSSE and wolfJCE dual provider FIPS usage (PR 342)
• Update Android example app to perform TLS connection using wolfJSSE SSLSocket, add FIPS error callback for hash development workflow (PR 355)

Testing Changes:

• Add SpotBugs static analysis build target, exclusion filter, and GitHub Actions workflow (PR 344)
• Add GitHub Actions workflow for Android FIPS Ready testing with automated hash capture via emulator (PR 355)
• Add GitHub Actions workflow for FIPS Ready dual provider testing with wolfJSSE and wolfJCE (PR 342)
• Add GitHub Actions workflow for UndefinedBehaviorSanitizer (UBSan) testing (PR 321)
• Add GitHub Actions workflow for Linux 32-bit testing with Java 17 (PR 320)
• Add GitHub Actions workflow for Java Module (JPMS) testing (PR 324)
• Add GitHub Actions workflow for checking source file list consistency (PR 331)
• Add make target and GitHub Actions workflow for building with all wolfSSL patches enabled (PR 322, 326)
• Add Java 24 and 25 to GitHub Actions test matrix (PR 319)
• Update line length check script for correct line numbers and local use (PR 328)
• Guard JaCoCo taskdef behind availability check to prevent build failures when JAR is absent (PR 353)

Misc Changes:

• Update Makefile to generate dependency files, support verbose mode, and enable -Wextra/-Werror compiler flags (PR 332)
• Add Gradle distribution SHA-256 hash verification in Android build (PR 350)
• Replace deprecated jcenter() with mavenCentral() in Android Gradle build (PR 350)
• Update Android CMakeLists.txt to exclude newly-added wolfSSL source files fixing build failures (PR 326, 346)

The wolfSSL JNI/JSSE Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni/. For build instructions and more details, please check the manual.

wolfSSL JNI and JSSE Provider 1.16.0

To download the release bundle of wolfSSL JNI/JSSE visit the download page at www.wolfssl.com/download/

Release 1.16.0 has bug fixes and new features including:

JSSE System/Security Property Support:

• Add wolfjsse.autoSNI Security property support to control auto setting SNI (PR 249)
• Add partial support for jdk.tls.client.SignatureSchemes and jdk.tls.server.SignatureSchemes (PR 299)

JSSE Changes:

• Automatically set SNI for HttpsURLConnection connections (PR 249)
• Add support for DTLS 1.3 (DTLSv1.3) in SSLContext / SSLEngine (PR 254)
• Fix SNI storing/restoring at wolfJSSE level on session resumption (PR 255)
• Improve SSLEngine send/received performance 20-30% (PR 257)
• Implement SNI matcher logic for server-side WolfSSLSocket use (PR 259)
• Cache system and security properties on WolfSSLEngineHelper creation vs each handshake (PR 273)
• Reduce synchronization scope in WolfSSLAuthStore for lower contention (PR 274)
• Cache KeyStore entries in X509ExtendedKeyManager to reduce contention for heavy concurrent use (PR 272)
• Fix potential use-after-free issues with WolfSSLSocket (PR 275)
• Fix NullPointerException on double close() in WolfSSLSocket (PR 277)
• Implement toString() inside WolfSSLPrincipal (PR 281)
• Fix certificate chain order returned from WolfSSLX509StoreCtx.getCerts() to match JSSE expectations (PR 282, 289)
• Protect native sessions from being freed while I/O operations are in progress (PR 278)
• Add support for honoring client cipher suite preference ordering (PR 287)
• Fix potential memory leak in SSLEngine during JNI callback cleanup (PR 289)
• Implement X509Certificate.getExtendedKeyUsage() in WolfSSLX509Certificate (PR 289)
• Fix cert chain validation to handle cross-signed certs and chain paths (PR 292, 294)
• Add Java ServiceLoader support for wolfJSSE provider for Java Module System (JPMS) compatibility (PR 296)
• Implement X509Certificate getSubjectX500Principal() and getIssuerX500Principal() (PR 298)
• Fall back to java.home property use when JAVA_HOME env var not set (PR 302)
• Add hashCode() implementation to SSLSession (PR 303)
• Allow SSLSessionContext access before SSLContext init (PR 304)
• Add Android non-standard checkServerTrusted() in X509TrustManager (PR 288)
• Fix ALPN to support non-ASCII protocol names (PR 305)

JNI Changes:

• Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni (PR 252)
• Wrap Atomic Record VerifyDecrypt callback (PR 252)
• Ensure peer ALPN protocol list is null terminated (PR 258)
• Enhance error handling and return code checks in WolfSSLSession.read() (PR 260)
• Improve ByteBuffer handling in WolfSSLSession.read() (PR 262)
• Dynamically get algorithm and key ASN NID enum values from wolfSSL (PR 263)
• Add pool of ByteBuffers to WolfSSLSession, improves performance and avoids unaligned memory access (PR 268)
• Add getSessionTicket() and setSessionTicket() to WolfSSLSession (PR 270)
• Correct call to CallObjectMethod() in WolfSSLSession ByteBuffer read (PR 286)
• Wrap wolfSSL_i2d_SSL_SESSION() and wolfSSL_d2i_SSL_SESSION() allowing for session persistence (PR 290)
• Add DTLS Connection ID (CID) support, wrapping native wolfSSL APIs (PR 297)

Debugging Changes:

• Switch to use Java logging (java.util.logging) framework for debug logs (PR 261)
• Switch logging callback for wolfSSL debug messages to use stderr (PR 269)
• Switch debug log timestamp to use Java Instant.ofEpochMilli(), remove dependency on java.sql.Timestamp (PR 301)

Example Changes:

• Add DTLS 1.3 example client and server applications (PR 264)

Testing Changes:

• Add GitHub Actions PRB test with ubuntu-24.04-arm runner for testing --enable-armasm builds (PR 267)
• Add GitHub Actions PRB test for AddressSanitizer (-fsanitize=address) builds (PR 276)
• Add GitHub Actions PRB tests for coding style (line length, comment style) (PR 285)
• Add GitHub Actions PRB test for Clang scan-build static analysis (PR 285)
• Add GitHub Actions PRB test for Visual Studio builds on Windows (PR 295)
• Add GitHub Actions PRB test to build against last 5 stable wolfSSL releases (PR 306)
• Add GitHub Actions PRB test to run unit tests on Android emulator (PR 307)
• Use local server threads in some WolfSSLSession tests to avoid network access (PR 300)

Misc Changes:

• Clean up IDE warnings in Cursor and VSCode (PR 266)
• Add CLAUDE.md for consumption by Claude Code (PR 265)
• Add -fPIC to CFLAGS in java.sh for Aarch64 hosts (PR 267)
• Modify java.sh to allow passing install directory (./java.sh <install_dir>) (PR 285)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.15.0

To download the release bundle of wolfSSL JNI/JSSE visit the download page at www.wolfssl.com/download/

Release 1.15.0 has bug fixes and new features including:

JSSE System/Security Property Support:

• Addition of JNI-level debug system property (wolfssljni.debug=true) (PR 235)

JSSE Changes:

• Fix to close Socket when SSLSocket startHandshake() fails (PR 234)
• Fixes for potential NullPointerException in SSLSocket Input/OutputStream (PR 233)
• Add ability for SSLSession.getRequestedServerNames() to return SNI request on server side (PR 240)
• Add check for legacy DHE keys, for cipher suites using keys less than 1024 bits (PR 243)
• Optimize byte[] creation in SSLEngine when receiving app data (PR 244, 250)
• Add ability for SSLSocket.close() to interrupt read()/write() operations waiting in select()/poll() (PR 246)

JNI Changes:

• Always call wolfSSL_get1_session() inside WolfSSLSession.getSession() (PR 236)
• Call wc_RunAllCast_fips() with wolfCrypt FIPS builds if available (PR 247)
• Add ability to pass CFLAGS to java.sh (ie: CFLAGS="-DTEST_DEFINE" ./java.sh) (PR 248)
• Remove incorrect ATOMIC_USER preprocessor gate around native wolfSSL_GetSide() (PR 246)

Example Changes:

• Updated Android Studio example project, define WOLFSSL_CERT_REQ (PR 234)
• Update Android Studio CMakeLists.txt with WOLFSSL_CUSTOM_CONFIG definition (PR 239)

Testing Changes:

• Add GitHub Actions PRB test for Maven (Linux, macOS) builds (PR 232)
• Add tests of SSLSession state at various points throughout the handshake (PR 233)
• Add GitHub Actions PRB test for --enable-jni CFLAGS="-DNO_SESSION_CACHE_REF" build (PR 236)
• Add GitHub Actions PRB test for -DWOLFJNI_USE_IO_SELECT (PR 246)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.14.0

To download the release bundle of wolfSSL JNI/JSSE visit the download page at www.wolfssl.com/download/

Release 1.14.0 has bug fixes and new features including:

New JSSE Functionality:

• Add wolfJCE WKS KeyStore type support (PR 178)
• Add support for native poll() and set as default over select() (PR 201)
• Add getSSLParameters() to SSLServerSocket implementation (PR 214)
• Add rsa_pss support and tests to wolfJSSE (PR 218)
• Add LDAPS endpoint identification to X509ExtendedTrustManager (PR 227)

JSSE System/Security Property Support:

• Add option to print debug logs in JSON format (wolfjsse.debugFormat=JSON) (PR 187)
• Add Security property to disable Java client session cache (wolfjsse.clientSessionCache.disabled=true) (PR 225)

JSSE Changes:

• Fix for native memory leak when calling wolfSSL_get_peer_certificate() (PR 188)
• Optimization to allow for easier garbage collection (PR 189)
• Fix for SSLEngine session storage and unwrap() FINISHED state (PR 193)
• Fix to not close SSLSocket when SSLServerSocket is closed (PR 194)
• Fix for getting end of stream when calling InputStream.read() (PR 195)
• Fix for throwing exceptions on KeyManagerFactory/TrustManagerFactory use before init (PR 196)
• Fix for SSLEngine HandshakeStatus when receiving TLS 1.3 session tickets after handshake (PR 197)
• Throw SSLException to indicate lack of renegotiation support in SSLEngine.beginHandshake() (PR 197)
• Fix to mark inbound and outbound closed in SSLEngine when fatal alerts are received (PR 197)
• Return X509Certificate[] from SSLSession.getPeerCertificates() (PR 199)
• Remove unneeded SSLServerSocket.close() method (PR 200)
• Fix SSLSession.getLocalPrincipal() to assume user cert is first in chain (PR 204)
• Ensure that socket is closed if implicit handshake in SSLSocket.getSession() fails (PR 205)
• If SSLSocket handshake is unsuccessful, close Socket before throwing an exception (PR 205)
• Close SSLEngine inbound on ALPN protocol name error (PR 208)
• Adjust client-side session resumption to check cipher suite and protocol (PR 209)
• Pass lower level exception messages up during X509TrustManager verification (PR 211)
• Refactor code calls not available in Android API 24 (PR 216)
• Fix to return end of stream in InputStream.read() on socket error (PR 217)
• Fix to update the TLS protocol in SSLSession after handshake completes (PR 219)
• Fix potential deadlock on close() between SSLSocket and Input/OutputStream (PR 220)
• Fixes for issues found with SpotBugs (PR 221)
• Clean up ant build warnings on Corretto 20.0.1 (PR 223)
• Error out on invalid port during creation of SSLEngine (PR 224)
• Correct SSLSocket exception types and fix setting of native file descriptor (PR 228)
• Fix deadlock issues between SSLSocket close() and OutputStream.write() (PR 230)

New JNI Wrapped APIs and Functionality:

• wolfSSL_SessionIsSetup() (PR 191)
• wolfSSL_SESSION_dup() (PR 206)

JNI Changes:

• Fix for JNI example use of TLS 1.3 secret callback strings (PR 192)

Example Changes:

• Add Host into HTTP GET in example ClientJSSE when used with -g (PR 213)
• Add example JNI-only threaded client/server applications (PR 212)
• Add basic RMI example client and server (PR 226)

Debugging Changes:

• Fix typo in SSLEngine debug logs (PR 203)

Testing Changes:

• Run Facebook Infer on all PRs with GitHub Actions (PR 190)
• Run TLS 1.0 and 1.1 tests if enabled in native wolfSSL even if disabled in java.security (PR 198)
• Add GitHub Actions PRB test for Android gradle build (PR 222)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.13.0

Release 1.13.0 has bug fixes and new features including:

New JSSE Functionality:

• Add SSLSocket.getApplicationProtocol(), returns negotiated ALPN protocol (PR 150)
• Add native WOLFSSL_TRUST_PEER_CERT support in WolfSSLTrustX509 (PR 154)
• Add implementation of javax.net.ssl.X509ExtendedTrustManager (PR 159)
• Add getSSLParameters() to SSLEngine and SSLSocket (PR 159)
• Add getHandshakeSession() to SSLSocket (PR 159)
• Convert SSLSession to ExtendedSSLSession, add getRequestedServerNames() (PR 159)
• Add ALPN API support to SSLSocket and SSLEngine with tests (PR 163)
• Add implementation of X509ExtendedKeyManager (PR 167)

JSSE System/Security Property Support:

• Add partial support for jdk.tls.disabledAlgorithms Security property (PR 136)
• Add support for wolfjsse.enabledCipherSuites Security property (PR 136)
• Add support for wolfjsse.enabledSignatureAlgorithms Security property (PR 136)
• Add support for wolfjsse.enabledSupportedCurves Security property (PR 143)

JSSE Changes:

• Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
• Add synchronization to SSLEngine read/write buffers (PR 124)
• Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
• Improve SSLEngine.unwrap() for better efficiency (PR 137)
• Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
• Add synchronization around WolfSSLAuthStore lock (PR 139)
• Fixes and improvements to SSLSocket/SSLEngine session resumption (PR 139, 144)
• Fix for X509TrustManager to not add root CA twice in returned chains (PR 140)
• Add synchronization around native pointer use and active states (PR 142)
• Fix for SSLSocket to fall back to I/O callbacks if setting internal fd fails (PR 145)
• Fix SSLSocket TLS 1.3 session cache and threading issues (PR 149)
• Throw SocketException if native socket select() fails (PR 151)
• Only call InetAddress.getHostName() when jdk.tls.trustNameService is true (PR 134)
• Fix for SSLSession.getPeerCertificate() and cached certs during resumption (PR 162)
• Save session at correct time for resumption in SSLEngine (PR 165)
• Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
• Fixes for SSLEngine.setWantClientAuth() (PR 172)
• Release native verify callback when SSLEngine is closed (PR 180)
• Avoid extra Java array allocation in SSLSocket InputStream/OutputStream (PR 183)

New JNI Wrapped APIs and Functionality:

• wolfSSL_CTX_SetTmpDH() and wolfSSL_CTX_SetTmpDH_file() (PR 136)
• wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz() (PR 136)
• wolfSSL_set1_sigalgs_list() (PR 136)
• wolfSSL_CTX_UseSupportedCurve() (PR 158)
• wolfSSL_X509_check_host() and wolfSSL_SNI_GetRequest() (PR 159)
• wolfSSL_CTX_set_groups() and wolfTLSv1_3_client/server_method() (PR 164)
• SSL_CTX_set1_sigalgs_list() (PR 169)
• wolfSSL_set_tls13_secret_cb(), add ability to set Java callback (PR 181)
• Add X.509v3 certificate generation support in WolfSSLCertificate and examples (PR 141)
• Add Certificate Signing Request (CSR) support and examples (PR 146)

JNI Changes:

• Call wolfSSL_get1_session() when saving session for resumption (PR 139)
• Call select() again on error with EINTR (PR 171)

New Platform Support:

• Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)

Build System Changes:

• Add JAVA_HOME support in java.sh for use with custom Java install (PR 121)
• New argument to java.sh for custom wolfSSL library name to be used (PR 126)
• Add lib64 directory to library search path in java.sh (PR 130)
• Standardize JNI library name on OSX to .dylib (PR 152)
• Add Maven build support (PR 153)
• Update Android Studio example project (PR 185)

Example Changes:

• Update instructions for running examples (PR 133)
• Fix example JSSE client -d option, add -g to send HTTP GET (PR 155)
• Fix example JSSE client for resumption when sending HTTP GET (PR 157)
• Add TLS 1.3 version support to example Client.java and Server.java (PR 169)
• Expand JNI Client.java with support for doing session resumption with tickets (PR 169)

Debugging Changes:

• Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
• Add synchronization and Thread ID to debug log messages (PR 129)
• Add new debug System property wolfsslengine.io.debug for I/O debug logs (PR 137)
• Add timestamp to debug logs (PR 148)
• Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
• Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)

Testing Changes:

• Add Facebook Infer test script, make fixes (PR 127, 182)
• Add extended threading test of SSLEngine (PR 124)
• Testing with and fixes from SonarQube static analyzer (PR 131)
• Add extended threading test of SSLSocket (PR 149)
• Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
• Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)

Documentation Changes:

• Clean up Javadoc warnings with Java 17 (PR 147)

The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.12.0

Release 1.12.0 has bug fixes and new features including:

JNI and JSSE Changes:

• Additional synchronization support in WolfSSLCertificate (PR 118)
• Prevent WolfSSLCertificate from freeing WOLFSSL_X509 if not owned (PR 118)
• Fix X509KeyManager.getCertificateChain() to return null when alias is null (PR 119)

Documentation Changes:

• Add Android Studio instructions for how to update source symlinks on Windows (PR 117)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.11.0

Release 1.11.0 has bug fixes and new features including:

JNI and JSSE Changes:

• Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
• Add support for secure renegotiation if available in native wolfSSL (PR 75)
• Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
• Fixes and cleanup to SSLEngine implementation (PR 108)
• Fixes for SSLEngine synchronization issues (PR 108)
• Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
• Add RPM packaging support (PR 110)
• Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
• Remove Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.10.0

Release 1.10.0 has bug fixes and new features including:

JNI and JSSE Changes:

• Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
• Wrap wolfSSL_UseALPN() at JNI level (PR 84)
• Fix compile error for wolfSSL < 4.2.0 and wolfSSL_set_alpn_protos() (PR 84)
• Fix NullPointerException when no selected ALPN is available (PR 84)
• Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
• Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
• Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
• Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)

Documentation Changes

• Fix missing Javadoc warnings in ALPN code

Example Changes:

• Update Android Studio IDE project to use Android 11 (SDK 30)

The wolfSSL JNI Manual is available at: https://www.wolfssl.com/documentation/manuals/wolfssljni. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.9.0

Release 1.9.0 has bug fixes and new features including:

JNI and JSSE Changes:

• Add synchronization to class cleanup/free routines (PR 78)
• Fix JNI native casting to use utintptr_t instead of intptr_t (PR 79)
• Add support for newer Java versions (ex: Java 17) (PR 90)
• Remove HC-128 support (PR 94). Native wolfSSL removed with wolfSSL/wolfssl#4767
• Remove RABBIT support (PR 96). Native wolfSSL removed with wolfSSL/wolfssl#4767
• Remove IDEA support (PR 97). Native wolfSSL removed in wolfSSL/wolfssl#4806.
• Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
• Add Socket timeout support for native SSL_connect/write() (PR 95)
• SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
• Fix shutdown/close_notify alert handling in WolfSSLEngine (PR 83)
• Fix WolfSSLSocket to test if close() called before object init (PR 88)
• Add support for loading default system CA certs on Java 9+ (PR 89)
• Fix timeout behavior with WolfSSLSession.connect() (PR 100)

Example Changes:

• Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
• Add option to ClientJSSE to do one session resumption (PR 80)
• Update example certificates and keys (PR 81)

Documentation Changes:

• Add missing Javadocs, fix warnings on newer Java versions (PR 92)

Testing Changes:

• Update junit dependency to 4.13.2 (PR 91)

The wolfSSL JNI Manual is available at: http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build instructions and more detailed comments, please check the manual.

wolfSSL JNI and JSSE Provider 1.8.0

Release 1.8.0 has bug fixes and new features including:

• wolfCrypt FIPS 140-3 and FIPS Ready compatibility
• Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
• Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
• Fix potential NullPointerException with several clone() methods
• Refactor of SSLSessionContext implementation
• Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
• Fix timeout used in socketSelect to correctly handle fractional sec timeouts
• Fix memory leak when custom X509TrustManager is used with wolfJSSE
• Add support for multiple X509TrustManager objects across multiple sessions
• Call WolfSSL.cleanup() in finalizer to release library resources earlier
• Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
• Better management and freeing of native WolfSSLCertificate memory
• Release native logging callback when library is freed
• Release native wolfCrypt FIPS callback when library is freed
• Release CTX-level Java verify callback when CTX is freed
• Release CTX-level Java CRL callback when CTX is freed
• Better global reference cleanup in error conditions
• Fix unused variable warnings in non-FIPS builds
• Use one static WolfSSL object across all WolfSSLProvider objects
• Release local JNI array inside WolfSSLSession.read() on function exit
• Add multi-threaded JSSE provider client and server examples
• Update Android AOSP install script to create missing blank files if needed
• Update Android AOSP build fies to define SIZEOF_LONG and SIZEOF_LONG_LONG
• Update IDE/Android example Android Studio project
• Fix default cipher suite list order used in JSSE WolfSSLContext objects
• Fix FIPS Ready compatibility with WC_RNG_SEED_CB
• Update Android AOSP Android.mk to compile wolfCrypt kdf.c

The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.