wolfSSL JNI/JSSE 1.13.0 is now available for download!
wolfSSL JNI/JSSE provides Java-based applications with an easy way to use the native wolfSSL SSL/TLS library. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for seamless integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of wolfCrypt FIPS 140-2 and the upcoming wolfCrypt 140-3 modules.
Release 1.13.0 contains a significant number of bug fixes, changes, and new features to help better support application usage of the Java Security APIs as well as 3rd party Java frameworks that consume JSSE providers internally. This release also improves behavior when used in multi threaded applications and use cases, and improves automated testing with GitHub actions across several Java JDK implementations and versions.
New functionality
New functionality added in this release is summarized below, but please see ChangeLog.md for a full list that includes all changes and fixes.
New JSSE Functionality:
- Add SSLSocket.getApplicationProtocol(), which returns the negotiated ALPN protocol of a TLS connection (PR 150)
- Add native WOLFSSL_TRUST_PEER_CERT support in WolfSSLTrustX509 (PR 154)
- Add implementation of javax.net.ssl.X509ExtendedTrustManager, which adds hostname checking inside the TrustManager (PR 159)
- Add getSSLParameters() to SSLEngine and SSLSocket, allowing applications to retrieve the SSLParameters objects set (PR 159)
- Add getHandshakeSession() to SSLSocket, returning the SSLSession being constructed during the TLS handshake (PR 159)
- Convert SSLSession to ExtendedSSLSession, adding getRequestedServerNames() to return a list of all SNIServerNames of the requested SNI extension(PR 159)
- Add ALPN API support to SSLSocket and SSLEngine with tests (PR 163)
- Add implementation of X509ExtendedKeyManager (PR 167)
- New JSSE System/Security Property Support:
- Add partial support for jdk.tls.disabledAlgorithms Security property, allowing algorithms and key sizes to be limited (PR 136)
- Add support for wolfjsse.enabledCipherSuites Security property, enabling locking down of TLS cipher suites allowed (PR 136)
- Add support for wolfjsse.enabledSignatureAlgorithms Security property, enabling locking down of the TLS signature algorithms allowed (PR 136)
- Add support for wolfjsse.enabledSupportedCurves Security property, enabling locking down of the TLS supported ECC curves allowed (PR 143)
New JNI Wrapped APIs and Functionality:
- wolfSSL_CTX_SetTmpDH() and wolfSSL_CTX_SetTmpDH_file() (PR 136)
- wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz() (PR 136)
- wolfSSL_set1_sigalgs_list() (PR 136)
- wolfSSL_CTX_UseSupportedCurve() (PR 158)
- wolfSSL_X509_check_host() and wolfSSL_SNI_GetRequest() (PR 159)
- wolfSSL_CTX_set_groups() and wolfTLSv1_3_client/server_method() (PR 164)
- SSL_CTX_set1_sigalgs_list() (PR 169)
- wolfSSL_set_tls13_secret_cb(), add ability to set Java callback (PR 181)
- Add X.509v3 certificate generation support in WolfSSLCertificate and examples (PR 141)
- Add Certificate Signing Request (CSR) support and examples (PR 146)
New Platform Support:
- Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)
Build System Changes:
- Add JAVA_HOME support in java.sh for use with custom Java install (PR 121)
- New argument to java.sh for custom wolfSSL library name to be used (PR 126)
- Add lib64 directory to library search path in java.sh (PR 130)
- Standardize JNI library name on OSX to .dylib (PR 152)
- Add Maven build support (PR 153)
- Update Android Studio example project (PR 185)
Debugging Changes:
- Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
- Add synchronization and Thread ID to debug log messages (PR 129)
- Add new debug System property wolfsslengine.io.debug for I/O debug logs (PR 137)
- Add timestamp to debug logs (PR 148)
- Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
- Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)
Testing Changes:
- Add Facebook Infer test script, make fixes (PR 127, 182)
- Add extended threading test of SSLEngine (PR 124)
- Testing with and fixes from SonarQube static analyzer (PR 131)
- Add extended threading test of SSLSocket (PR 149)
- Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
- Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)
wolfSSL JNI/JSSE 1.13.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions, or to get help using wolfSSL in your product or projects, contact us at support@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now