- Update to version 1.76:
* Defects Fixed:
- Service allocation in the provider could fail due to the lack
of a permission block. This has been fixed.
- JceKeyFingerPrintCalculator has been generalised for different
providers by using "SHA-256" for the algorithm string.
- BCJSSE: Fixed a regression in 1.74 (NullPointerException) that
prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
- DTLS: Fixed server support for client_certificate_type extension.
- Cipher.unwrap() for HQC could fail due to a miscalculation of
the length of the KEM packet. This has been fixed.
- There was exposure to a Java 7 method in the Java 5 to Java 8
BCTLS jar which could cause issues with some TLS 1.2 cipher
suites running on older JVMs. This is now fixed.
* Additional Features and Functionality:
- BCJSSE: Following OpenJDK, finalizers have been removed from
SSLSocket subclasses. Applications should close sockets and
not rely on garbage collection.
- BCJSSE: Added support for boolean system property
"jdk.tls.client.useCompatibilityMode" (default "true").
- DTLS: Added server support for session resumption.
- JcaPKCS10CertificationRequest will now work with EC on the
OpenJDK provider.
- TimeStamp generation now supports the SHA3 algorithm set.
- The SPHINCS+ simple parameters are now fully supported in the
BCPQC provider.
- Kyber, Classic McEliece, HQC, and Bike now supported by the
CRMF/CMS/CMP APIs.
- Builder classes have been add for PGP ASCII Armored streams
allowing CRCs and versions to now be optional.
OBS-URL: https://build.opensuse.org/request/show/1118599
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=99
