http://www.rtfm.com/puretls/ Claymore Systems, Inc. is pleased to announce the availability of PureTLS 0.9b1. PureTLS is a free pure Java implementation of TLS and SSLv3. This is the first Beta release of PureTLS. Some bugs have been fixed since Alpha 2, but there are certainly still bugs. This version makes a number of changes from Alpha 2, including fixing a serious security problem. If you're using Alpha 2, please upgrade. This is the first release of Claymore's GoNative Provider. The GoNative Provider is a JNI-based bridge between JCE and OpenSSL. GoNative Provider allows you to accelerate JCE-base crypto applications easily. PureTLS will automatically use the GoNative Provider if it is present. We expect to produce Final-quality versions of PureTLS and the GoNative Provider by Q1 2000, but to do that we need people to try them and send us bug reports. PureTLS and the GoNative Provider are released under a BSD-style license. Quite simply, we feel that good security should be a commodity, and this is our contribution to that end. CHANGES FROM PureTLS ALPHA 2 An unpleasant security hole in the DH code has been fixed. Due to a typo (a missing ! if you must know), the DH parameter p was a large composite, not a large prime. This has been fixed in Beta 1. You'll notice that DH parameter generation is much slower now. This is because randomly generated numbers are much more likely to be composite than prime. This is only a security problem if you're using PureTLS as a server in DH mode. If you use it as a client or in RSA mode you should be fine. Dynamic provider loading: You no longer need to edit your java.security file to add various providers. Merely call LoadProviders.init() to automatically load all relevant providers. A number of performance improvements: PureTLS now contains support for Claymore's GoNative Provider. GoNative Provider uses JNI as a bridge to OpenSSL to provide fast implementations of cryptographic primitive. If you use dynamic provider loading, PureTLS will automatically detect the presence of GoNative Provider and use it if possible. You can now load DH Parameters of disk using SSLContext.loadDHParams(). This is much faster than generating them ever was. You can generate a set of parameters usng SSLContext.saveDHParams(). saveDHParams() also allows you to generate Sophie-Germain primes if you're really paranoid. The automatic DH prime generation does not because S-G prime generation is unbelievably slow in java. The DH parameters file included with the distribution (dh1024.pem) was generated by OpenSSL's parameter generator, which generates S-G primes. You can now use a permanent random file. This allows you to skip the expensive RNG seeding stage. See SSLContext.useRandomnessFile(); Other assorted bug fixes.