wolfSSL JNI/JSSE 1.15.0 is now available for download! This release contains a number of bug fixes and changes to the JNI and JSSE layers.
wolfSSL JNI/JSSE allows for easy use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for seamless integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptography module.
Changes in this release are summarized below, but please see ChangeLog.md for a full list.
JSSE System/Security Property Support:
- wolfssljni.debug – a new System property that enables JNI-level debug logging. This will add debug logs for the lower-level “com.wolfssl.*” classes that are part of the thin wolfSSL JNI wrapper. This is helpful for those users who are using the thin wolfSSL JNI wrapper, or for JSSE-level users who need additional low-level debug logging support.
JSSE Changes:
- Close the underlying Socket when SSLSocket startHandshake() fails before an exception is thrown and returned to the caller.
- Fix a potential NullPointerException in SSLSocket Input/OutputStream that could happen in a threaded environment with some threads blocked in select()/poll().
- Add support for SSLSession.getRequestedServerNames() to return the client’s SNI (Server Name Indication) request on the server side.
- Add checks for legacy DHE keys for cipher suites using keys less than 1024 bits.
- Optimize Java byte array creation in SSLEngine objects when receiving app data. This has a positive impact on performance by reducing garbage collector pressure.
- Add the ability for SSLSocket.close() to interrupt read()/write() operations waiting in select()/poll(). This can speed up the return of threads blocked in read or write operations when the socket is closed, instead of waiting for the socket timeout to occur.
JNI Changes:
- Always call wolfSSL_get1_session() inside WolfSSLSession.getSession() for more consistent native memory handling and cleanup.
- Call wc_RunAllCast_fips() with wolfCrypt FIPS builds if available. This will run all FIPS Conditional Algorithm Self Tests (CAST) up front when the wolfJSSE provider is registered.
- Add the ability to pass CFLAGS to java.sh (i.e., CFLAGS="-DTEST_DEFINE" ./java.sh)
- Remove incorrect ATOMIC_USER preprocessor gate around native wolfSSL_GetSide() inside JNI glue code.
Example Changes:
- Updates the example Android Studio project, defining WOLFSSL_CERT_REQ and WOLFSSL_CUSTOM_CONFIG. These defines are either not needed, or automatically set when building native wolfSSL on a Linux/Unix platform with “./configure --enable-jni”.
Testing Changes:
- Add GitHub Actions PRB test for Maven (Linux, macOS) builds
- Add JUnit tests for SSLSession state at various points throughout the handshake
- Add GitHub Actions PRB test for native wolfSSL with NO_SESSION_CACHE_REF defined
- Add GitHub Actions PRB test for WOLFJNI_USE_IO_SELECT
wolfSSL JNI/JSSE 1.15.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.