wolfSSL JNI/JSSE 1.17.0 is now available for download! This release brings JSSE?level PSK support, Java Platform Module System (JPMS) compatibility, SSLEngine hardening, a large expansion of X.509 and CRL capabilities at the JNI layer, and two new properties for FIPS and native library loading. Along with the new functionality, 1.17.0 contains a substantial set of bug fixes, compatibility improvements, and stability changes driven by AI-facilitated analysis and test integrations with Spring Boot, Netty, and OkHttp.

New JSSE Functionality

• Pre-Shared Key (PSK) support – Full JSSE-level PSK via WolfSSLParameters for SSLSocket and SSLEngine (client and server).

• Java 9+ Module System (JPMS) support – Conditional module-info.java compilation for jlink compatibility.

• Trust and KeyStore enhancements — CertPathTrustManagerParameters and KeyStoreBuilderParameters now supported in WolfSSLTrustManager.

New JNI Functionality & Certificate APIs

• Extract SNI directly from a raw ClientHello buffer with WolfSSL.getSNIFromBuffer()

• RSA-PSS sign/verify and RSA sign-check PK callback support.

• Basic Constraints pathLen parameter in WolfSSLCertificate / WolfSSLCertRequest.addExtension().

• Full CRL generation and decode wrappers in WolfSSLCRL.

• Extended X.509 support:
  

  • SKID, AKID, CRL Distribution Points, and Netscape Cert Type extensions.

  • Name Constraints via new WolfSSLNameConstraints / WolfSSLGeneralName classes.

  • Extended AIA interface for separate OCSP and CA Issuer URL retrieval.

  • WolfSSLAltName class with full SAN parsing (including otherName for MS AD UPN, iPAddress, and directoryName).

New Configuration Properties

• wolfjsse.skipFIPSCAST Security property – Skip automatic FIPS CAST execution during wolfJSSE initialization.

• wolfssl.skipLibraryLoad System property – Skip automatic System.loadLibrary() calls for advanced embedding scenarios.

Bug Fixes & Reliability Improvements
This release includes numerous stability and compatibility fixes, particularly for SSLEngine and SSLSocket:

• Improved SSLEngine buffer handling (BUFFER_UNDERFLOW/OVERFLOW), close/shutdown state transitions, and handshake status reporting.

• Better SNI handling, session timeout behavior, and principal return types (X500Principal).

• Spring Boot and Netty compatibility improvements (SSLHandshakeException on handshake errors, SSLEngine(host, -1) support).

• Multiple null-pointer, memory-leak, and thread-safety fixes in native callbacks and FIPS error handling.

• Cipher suite filtering aligned with jdk.tls.disabledAlgorithms and TLS version configuration.

• Various edge-case fixes for PSK, certificate loading, and high file descriptor handling.

Expanded Testing & CI Infrastructure

• Static analysis – New SpotBugs build target and GitHub Actions workflow.

• Android FIPS Ready – Automated Android emulator testing via GitHub workflow.

• Sanitizers – UndefinedBehaviorSanitizer (UBSan) GitHub workflow.

• Linux 32-bit testing with Java 17 via GitHub workflow.

• Expanded test matrix support for Java 24 and 25.

• Module system and build verification – JPMS (Java Module System) testing workflow.

New Examples & Testing

• PSK client/server examples for both SSLSocket and SSLEngine.

• DualProviderFIPSTest demonstrating wolfJSSE + wolfJCE dual-provider FIPS usage.

• Updated Android example with TLS connection and FIPS error callback support.

wolfSSL JNI/JSSE 1.17.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now