wolfSSL JNI/JSSE 1.16.0 Now Available

    • wolfSSL JNI/JSSE 1.16.0 is now available for download! This release contains a number of bug fixes and changes to the JNI and JSSE layers.

    wolfSSL JNI/JSSE allows for use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptographic module.

    Highlights from this release are below. See ChangeLog.md for a full list.

    Java System and Security Property Support:

    This release improves alignment with Java JSSE behavior and improves drop-in compatibility for applications migrating from other JSSE providers.

    • New wolfjsse.autoSNI security property for controlling automatic SNI behavior with automatic SNI configuration for HttpsURLConnection
    • Partial support for jdk.tls.client.SignatureSchemes and jdk.tls.server.SignatureSchemes
    • Java Module System (JPMS) compatibility via ServiceLoader support
    • Added X509Certificate getSubjectX500Principal() and getIssuerX500Principal() implementations
    • Added Android non-standard checkServerTrusted() in X509TrustManager

    DTLS 1.3 and Session Enhancements

    This release adds DTLS 1.3 support in SSLContext and SSLEngine classes, along with:

    • DTLS Connection ID (CID) support
    • New DTLS 1.3 example client and server applications
    • Session serialization and persistence support via wrapped native APIs

    These enhancements enable secure datagram-based applications with session resumption.

    Performance Improvements

    Several changes focus on reducing overhead in high-throughput and highly concurrent environments:

    • 20–30% SSLEngine send/receive performance improvement
    • Reduced synchronization and contention in JSSE components
    • Cached system and security properties to avoid repeated lookups
    • ByteBuffer pooling and improved ByteBuffer handling in JNI paths
    • Cached KeyStore entries for improved scalability under load

    Correctness, Stability, and Security Fixes

    • Fixes for potential use-after-free conditions and memory leaks
    • Improved protection of native WOLFSSL sessions during concurrent I/O
    • Correct certificate chain ordering and improved handling of cross-signed certificates
    • Enhanced SNI handling for session resumption and server-side matching
    • Improved ALPN handling, including non-ASCII protocol names
    • Expanded X.509 API coverage, including Extended Key Usage and X500 principals
    • Added support for honoring client cipher suite preference ordering
    • Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni

    Improved Debugging, Testing, and CI Coverage

    Debug logging now uses Java’s standard logging framework (java.util.logging) with improved timestamps. CI coverage has also been expanded to include GitHub Actions for:

    • AddressSanitizer (-fsanitize=address)
    • Clang scan-build static analysis
    • Windows (Visual Studio) builds
    • Android emulator unit tests
    • ARM (–enable-armasm) builds
    • Compatibility testing against the last five stable wolfSSL releases

    wolfSSL JNI/JSSE 1.16.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

    If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

    Download wolfSSL Now