- Update to version 1.72:
  * Defects Fixed:
    - There were parameter errors in XMSS^MT OIDs for
      XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have
      been fixed.
    - There was an error in Merkle tree construction for the
      Evidence Records (ERS) implementation which could result in
      invalid roots being timestamped. ERS now produces an
      ArchiveTimeStamp for each data object/group with an associated
      reduced hash tree. The reduced hash tree is now calculated as
      a simple path to the root of the tree for each record.
    - OpenPGP will now ignore signatures marked as non-exportable
      on encoding.
    - A tagging calculation error in GCMSIV which could result in
      incorrect tags has been fixed.
    - Issues around Java 17 which could result in failing tests
      have been addressed.
  * Additional Features and Functionality:
    - BCJSSE: TLS 1.3 is now enabled by default where no explicit
      protocols are supplied (e.g. "TLS" or "Default" SSLContext
      algorithms, or SSLContext.getDefault() method).
    - BCJSSE: Rewrite SSLEngine implementation to improve compatibility
      with SunJSSE.
    - BCJSSE: Support export of keying material via extension API.
    - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.
    - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are
      offered now. Earlier versions are still supported if explicitly
      enabled. Users may need to check they are offering suitable
      cipher suites for TLS 1.3.
    - (D)TLS (low-level API): Add support for raw public keys per RFC 7250.
OBS-URL: https://build.opensuse.org/request/show/1030002
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=87