wolfSSL JNI/JSSE 1.16.0 is now available for download!  This release contains a number of bug fixes and changes to the JNI and JSSE layers.

wolfSSL JNI/JSSE allows for use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptographic module.

Highlights from this release are below. See ChangeLog.md for a full list.

Java System and Security Property Support:
This release improves alignment with Java JSSE behavior and improves drop-in compatibility for applications migrating from other JSSE providers.

• New wolfjsse.autoSNI security property for controlling automatic SNI behavior with automatic SNI configuration for HttpsURLConnection

• Partial support for jdk.tls.client.SignatureSchemes and jdk.tls.server.SignatureSchemes

• Java Module System (JPMS) compatibility via ServiceLoader support

• Added X509Certificate getSubjectX500Principal() and getIssuerX500Principal() implementations

• Added Android non-standard checkServerTrusted() in X509TrustManager

DTLS 1.3 and Session Enhancements
This release adds DTLS 1.3 support in SSLContext and SSLEngine classes, along with:

• DTLS Connection ID (CID) support

• New DTLS 1.3 example client and server applications

• Session serialization and persistence support via wrapped native APIs

These enhancements enable secure datagram-based applications with session resumption.

Performance Improvements
Several changes focus on reducing overhead in high-throughput and highly concurrent environments:

• 20–30% SSLEngine send/receive performance improvement

• Reduced synchronization and contention in JSSE components

• Cached system and security properties to avoid repeated lookups

• ByteBuffer pooling and improved ByteBuffer handling in JNI paths

• Cached KeyStore entries for improved scalability under load

Correctness, Stability, and Security Fixes

• Fixes for potential use-after-free conditions and memory leaks

• Improved protection of native WOLFSSL sessions during concurrent I/O

• Correct certificate chain ordering and improved handling of cross-signed certificates

• Enhanced SNI handling for session resumption and server-side matching

• Improved ALPN handling, including non-ASCII protocol names

• Expanded X.509 API coverage, including Extended Key Usage and X500 principals

• Added support for honoring client cipher suite preference ordering

• Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni

Improved Debugging, Testing, and CI Coverage
Debug logging now uses Java’s standard logging framework (java.util.logging) with improved timestamps. CI coverage has also been expanded to include GitHub Actions for:

• AddressSanitizer (-fsanitize=address)

• Clang scan-build static analysis

• Windows (Visual Studio) builds

• Android emulator unit tests

• ARM (--enable-armasm) builds

• Compatibility testing against the last five stable wolfSSL releases

wolfSSL JNI/JSSE 1.16.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now