Details
- Task
- Resolution: Fixed
- Major
- 11.4
- None
Description
See https://www.bouncycastle.org/releasenotes.html
2.1.2 Defects Fixed
- DTLS: Fixed infinite loop on IO exceptions.
- DTLS: Retransmission timers now properly apply to flights monolithically.
- BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites.
- BCJSSE: SSLSocket implementations store passed-in 'host' before connecting.
- BCJSSE: Handle SSLEngine closure prior to handshake.
- EdDSA verifiers now reject overly long signatures.
- XMSS/XMSS^MT OIDs now using the values defined in RFC 8391.
- XMSS/XMSS^MT keys now encoded with OID at start.
- An error causing valid paths to be rejected due to DN based name constraints has been fixed in the CertPath API.
- Name constraint resolution now includes special handling of serial numbers.
- Cipher implementations now handle ByteBuffer usage where the ByteBuffer has no backing array.
- CertificateFactory now enforces presence of PEM headers when required.
- A performance issue with RSA key pair generation that was introduced in 1.61 has been mostly eliminated.

2.1.3 Additional Features and Functionality
- Builders for X509 certificates and CRLs now support replace and remove extension methods.
- DTLS: Added server-side support for HelloVerifyRequest.
- DTLS: Added support for an overall handshake timeout.
- DTLS: Added support for the heartbeat extension (RFC 6520).
- DTLS: Improve record seq. behaviour in HelloVerifyRequest scenarios.
- TLS: BasicTlsPSKIdentity now reusable (returns cloned array from getPSK).
- BCJSSE: Improved ALPN support, including selectors from Java 9.
- Lightweight RSADigestSigner now supports use of NullDigest.
- SM2Engine now supports C1C3C2 mode.
- SHA256withSM2 now added to provider.
- BCJSSE: Added support for ALPN selectors (including in BC extension API for earlier JDKs).
- BCJSSE: Support 'SSL' algorithm for SSLContext (alias for 'TLS').
- The BLAKE2xs XOF has been added to the lightweight API.
- Utility classes added to support journaling of SecureRandom and algorithms to allow persistence and later resumption.
- PGP SexprParser now handles some unprotected key types.
- NONEwithRSA support added to lightweight RSADigestSigner.
- Support for the Ethereum flavor of IES has been added to the lightweight API.