You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/releasenotes.html
+6-2Lines changed: 6 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,11 @@ <h3>2.1.2 Defects Fixed</h3>
32
32
<h3>2.1.3 Additional Features and Functionality</h3>
33
33
<ul>
34
34
<li>BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method).</li>
35
+
<li>BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE.</li>
36
+
<li>BCJSSE: Support export of keying material via extension API.</li>
37
+
<li>(D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.</li>
35
38
<li>(D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.</li>
39
+
<li>(D)TLS (low-level API): Add support for raw public keys per RFC 7250.</li>
36
40
<li>CryptoServicesRegistrar now has a setServicesConstraints() method on it which can be used to selectively turn off algorithms.</li>
37
41
<li>The NIST PQC Alternate Candidate, Picnic, has been added to the low level API and the BCPQC provider.</li>
38
42
<li>SPHINCS+ has been upgraded to the latest submission, SPHINCS+ 3.1 and support for Haraka has been added.</li>
@@ -52,12 +56,12 @@ <h3>2.1.3 Additional Features and Functionality</h3>
52
56
<li>A fast version of CRC24 has been added for use with the PGP API.</li>
53
57
<li>Some additional methods and fields have been exposed in the PGPOnePassSignature class to (hopefully) make it easier to deal with nested signatures.</li>
54
58
<li>CMP support classes have been updated to reflect the latest editions to the the draft RFC "Lightweight Certificate Management Protocol (CMP) Profile".</li>
55
-
<li>Support has been added to the PKCS#12 implemantation for the Oracle trusted certificate attribute.</li>
59
+
<li>Support has been added to the PKCS#12 implementation for the Oracle trusted certificate attribute.</li>
56
60
<li>Performance of our BZIP2 classes has been improved.</li>
57
61
</ul>
58
62
<h3>2.1.4 Notes</h3>
59
63
<p>
60
-
Keep in mind the PQC agorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change so by all means experiment, but do not use the PQC algoritms for anything long term.
64
+
Keep in mind the PQC algorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change so by all means experiment, but do not use the PQC algoritms for anything long term.
61
65
</p>
62
66
<p>
63
67
The legacy "Rainbow" and "McEliece" implementations have been removed from the BCPQC provider. The underlying classes are still present if required. Other legacy algorithm implementations can be found under the org.bouncycastle.pqc.legacy package.
0 commit comments