{"id":15069496,"url":"https://github.com/wolfssl/wolfssljni","last_synced_at":"2026-01-03T01:20:03.856Z","repository":{"id":11721212,"uuid":"14242446","full_name":"wolfSSL/wolfssljni","owner":"wolfSSL","description":"wolfSSL JSSE provider and JNI wrapper for SSL/TLS, supporting up to TLS 1.3!","archived":false,"fork":false,"pushed_at":"2025-03-12T16:23:19.000Z","size":4815,"stargazers_count":65,"open_issues_count":2,"forks_count":38,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-04-06T00:08:44.296Z","etag":null,"topics":["android","c","cipher-suites","cryptography","dtls","iot-security","java","jni","jsse","ocsp","openjdk","openssl-alternative","openssl-library","security","ssl","tls","tls-library","tls13","wolfssl"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-11-08T19:33:37.000Z","updated_at":"2025-03-12T16:23:23.000Z","dependencies_parsed_at":"2023-12-12T18:05:13.743Z","dependency_job_id":"d9739ecc-3d8d-40eb-adf1-d44781aa93ec","html_url":"https://github.com/wolfSSL/wolfssljni","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssljni","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssljni/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%
2Fwolfssljni/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssljni/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/wolfssljni/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415967,"owners_count":20935387,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","c","cipher-suites","cryptography","dtls","iot-security","java","jni","jsse","ocsp","openjdk","openssl-alternative","openssl-library","security","ssl","tls","tls-library","tls13","wolfssl"],"created_at":"2024-09-25T01:42:52.331Z","updated_at":"2026-01-03T01:20:03.845Z","avatar_url":"https://github.com/wolfSSL.png","language":"Java","readme":"\n# wolfSSL JSSE Provider and JNI Wrapper\n\nThis package provides Java support for the\n[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/),\ngiving applications support for SSL/TLS up to the current\n[TLS 1.3](https://www.wolfssl.com/tls13) protocol level.\nIt contains both a wolfSSL **JSSE** (Java Secure Socket Extension) provider,\ncalled **wolfJSSE**, and a thin JNI-based interface that wraps the native C\nlibrary.\n\nwolfSSL also provides a **JCE** (Java Cryptography Extension) provider that\nwraps native wolfCrypt. 
This can be found in a separate repository, located\n[here](https://github.com/wolfSSL/wolfcrypt-jni).\n\n## Why use wolfJSSE?\n\nThis interface gives Java applications access to all the benefits of using\nwolfSSL, including current SSL/TLS standards up to\n[TLS 1.3](https://www.wolfssl.com/tls13),\n[FIPS 140-2 and 140-3](https://www.wolfssl.com/license/fips/) support,\nperformance optimizations, hardware cryptography support,\n[commercial support](https://www.wolfssl.com/products/support-and-maintenance/),\nand more!\n\n## User Manual\n\nThe wolfSSL JNI/JSSE Manual is available on the wolfSSL website:\n[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/manuals/wolfssljni/).\n\nFor additional build instructions and more detailed comments, please reference\nthe manual.\n\n## Building\n\nwolfJSSE currently supports compilation on the following platforms:\n- Linux/Unix\n- Mac OSX\n- [Windows (Visual Studio)](./IDE/WIN/README.md)\n- Android Studio\n- Android AOSP\n\nTo build wolfJSSE on Windows using Visual Studio, please reference the\nWindows [README.md](./IDE/WIN/README.md).\n\n## Building Native wolfSSL (Dependency)\n\nTo compile the wolfSSL JNI wrapper and JSSE provider, first the native (C)\nwolfSSL library must be compiled and installed.\n\nTo build wolfJSSE in Linux/Unix environments, first download, compile, and\ninstall wolfSSL. wolfSSL can be downloaded from the wolfSSL\n[download page](https://www.wolfssl.com/download/) or cloned from\n[GitHub](https://github.com/wolfssl/wolfssl).\n\n```\n$ unzip wolfssl-X.X.X.zip\n$ cd wolfssl-X.X.X\n$ ./configure --enable-jni\n$ make check\n$ sudo make install\n```\n\nIf building a wolfSSL FIPS or FIPS Ready release bundle, additional\nconfigure options may be required. Reference the wolfSSL Manual and build\ndocumentation for exact build instructions.\n\n## Building with ant\n\nwolfSSL JNI/JSSE's ant build is the most stable and well-tested. Newer support\nfor building with Maven has also been added. 
See the section below for instructions\non building with Maven.\n\n***Note 1)***\nThe `java.sh` script assumes a common Java install location. If\nyour Java install location is different, this could lead to an error when\nrunning `java.sh`. In this case, you should modify `java.sh` to match your\nenvironment.\n\nBuild targets for ant are:\n* **ant build (ant)**     (only builds the jar necessary for an app to use)\n* **ant test**      (builds the jar and tests then runs the tests, requires JUNIT setup)\n* **ant examples**  (builds the jar and example cases)\n* **ant clean**     (cleans all Java artifacts)\n* **ant cleanjni**  (cleans native artifacts)\n\nTo build wolfJSSE:\n\n```\n$ cd wolfssljni\n$ ./java.sh\n$ ant\n$ export JUNIT_HOME=/path/to/junit/jars\n$ ant test\n```\n\nTo compile and run the examples, use the `ant examples` target:\n\n```\n$ ant examples\n```\n\nThen, run the examples from the root directory using the provided wrapper\nscripts:\n\n```\n$ ./examples/provider/ServerJSSE.sh\n$ ./examples/provider/ClientJSSE.sh\n```\n\n### java.sh Script Options\n\nThe `java.sh` script compiles the native JNI sources into a shared library named\neither `libwolfssljni.so` (Linux/Unix) or `libwolfssljni.dylib` (MacOS).\nCompilation on Linux/Unix and Mac OSX is currently supported.\n\nThis script will attempt to auto-detect the `JAVA_HOME` location if not set.\nTo explicitly use a Java home location, set the `JAVA_HOME` environment variable\nprior to running this script.\n\nThis script will try to link against a wolfSSL library installed to the\ndefault location of `/usr/local`. This script accepts two arguments on the\ncommand line. The first argument can point to a custom wolfSSL installation\nlocation. A custom install location would match the directory set at wolfSSL\n`./configure --prefix=\u003cDIR\u003e`.\n\nThe second argument represents the wolfSSL library name that should be\nlinked against. 
This is helpful if a non-standard library name has been\nused with wolfSSL, for example the `./configure --with-libsuffix` option\nhas been used to add a suffix to the wolfSSL library name. Note that to\nuse this argument, an installation location must be specified via the\nfirst argument.\n\nFor example, if wolfSSL was configured with `--with-libsuffix=jsse`, then\nthis script could be called like so using the default installation\npath of `/usr/local`:\n\n```\njava.sh /usr/local wolfssljsse\n```\n\n`java.sh` can use preset `CFLAGS` defines, if set in the environment variable\nprior to running the script, for example:\n\n```\nCFLAGS=-DWOLFJNI_USE_IO_SELECT java.sh\n```\n\n## Building with Maven\n\nwolfJSSE supports building and packaging with Maven, for those projects that\nare already set up to use and consume Maven packages.\n\nwolfJSSE's Maven build configuration is defined in the included `pom.xml`.\n\nFirst, compile the native JNI shared library (libwolfssljni.so/dylib) same\nas above. This will create the native JNI shared library under the `./lib`\ndirectory:\n\n```\n$ ./java.sh\n```\n\nCompile the Java sources, where Maven will place the compiled `.class` files\nunder the `./target/classes` directory:\n\n```\n$ mvn compile\n```\n\nCompile and run JUnit tests using:\n\n```\n$ mvn test\n```\n\nPackage up the wolfSSL JNI/JSSE JAR file using the following command. This will\nrun the JUnit tests then create a `.jar` file located under the `./target`\ndirectory, similar to `target/wolfssl-jsse-X.X.X-SNAPSHOT.jar`:\n\n```\n$ mvn package\n```\n\nTo build the Javadoc API reference for wolfSSL JNI/JSSE run the following. This\nwill generate Javadoc HTML under the `./docs/apidocs` directory:\n\n```\n$ mvn javadoc:javadoc\n```\n\nTo install the wolfSSL JNI/JSSE JAR file, run the following. 
This will install\nthe JAR into the local Maven repository:\n\n```\n$ mvn install\n```\n\nThe local Maven repository installation location will be similar to:\n\n```\n~/.m2/repository/com/wolfssl/wolfssl-jsse/X.X.X-SNAPSHOT/wolfssl-jsse-X.X.X-SNAPSHOT.jar\n```\n\nThe wolfSSL JNI shared library (`libwolfssljni.so/dylib`) created with the\n`java.sh` script will need to be \"installed\" by being placed on your native\nlibrary search path. For example, it can be copied into `/usr/local/lib`, `/usr/lib`,\nor another location. Alternatively, append the `./lib` directory to your native\nlibrary search path by exporting `LD_LIBRARY_PATH` (Linux) or\n`DYLD_LIBRARY_PATH` (OSX):\n\n```\n$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/wolfssljni/lib\n```\n\nAfter wolfSSL JNI/JSSE has been installed into the local Maven repository,\nan application can include this as a dependency in the application's\n`pom.xml` file, similar to:\n\n```\n\u003cproject ...\u003e\n    ...\n    \u003cdependencies\u003e\n        \u003cdependency\u003e\n            \u003cgroupId\u003ecom.wolfssl\u003c/groupId\u003e\n            \u003cartifactId\u003ewolfssl-jsse\u003c/artifactId\u003e\n            \u003cversion\u003e1.16.0-SNAPSHOT\u003c/version\u003e\n        \u003c/dependency\u003e\n    \u003c/dependencies\u003e\n    ...\n\u003c/project\u003e\n```\n\n## Examples\n\nExamples of using wolfssljni can be found in the `./examples` subdirectory.\nSee [examples/README.md](./examples/README.md) for more details.\n\nExamples of using the wolfJSSE provider can be found in the `./examples/provider`\nsubdirectory. See [examples/provider/README.md](./examples/provider/README.md)\nfor more details.\n\nExample certificates and keys are included in this bundle. These should only\nbe used for testing and prototyping. Example certificates included here are\nduplicates of the ones that ship with standard wolfSSL. 
If needed, certificates\ncan be easily updated from an existing wolfSSL directory by using the script\n**examples/certs/update-certs.sh**. This should be run from the examples/certs\ndirectory and given one argument which is the path to a wolfSSL certs directory.\n\n## Debugging\n\nwolfSSL JNI/JSSE supports several System properties for enabling debug\nlogging. The table below describes the currently-supported debug properties\nand what each enables.\n\n| System Property | Default | To Enable | Description |\n| --- | --- | --- | --- |\n| wolfssl.debug | \"false\" | \"true\" | Enables native wolfSSL debug logging |\n| wolfssljni.debug | \"false\" | \"true\" | Enables wolfJNI debug logging |\n| wolfjsse.debug | \"false\" | \"true\" | Enables wolfJSSE debug logging |\n| wolfjsse.debugFormat | | \"JSON\" | Switches debug output format |\n| wolfsslengine.debug | \"false\" | \"true\" | Enables SSLEngine debug logging |\n| wolfsslengine.io.debug | \"false\" | \"true\" | Enables SSLEngine I/O bytes log |\n\nNative wolfSSL logging (`wolfssl.debug`) will only output messages if\nnative wolfSSL has been configured with `--enable-debug`.\n\nThese System properties can be defined at runtime, e.g.:\n\n```\njava -Dwolfjsse.debug=true App\n```\n\nThese System properties can also be set programmatically at runtime, e.g.:\n\n```\nSystem.setProperty(\"wolfjsse.debug\", \"true\");\nSystem.setProperty(\"wolfsslengine.debug\", \"true\");\n```\n\nIf wolfSSL JNI/JSSE debug System properties are changed at runtime after\nthe WolfSSLDebug class has already been initialized/used, applications need\nto refresh the debug property values inside the WolfSSLDebug class. To do so,\nafter setting System properties, call:\n\n```\nWolfSSLDebug.refreshDebugFlags()\n```\n\nJDK debug logging can be enabled using the `-Djavax.net.debug=all` option.\n\n### JSON Log Message Format\n\nDebug messages can be output in JSON format for consumption by tools such as\nDataDog. 
Setting the following System property to \"JSON\" will cause all debug\nmessages to print in JSON instead of the default text output:\n\n```\nSystem.setProperty(\"wolfjsse.debugFormat\", \"JSON\");\n```\n\nThis can also be specified at runtime on the command line like so:\n\n```\n-Dwolfjsse.debug=true -Dwolfjsse.debugFormat=JSON\n```\n\nDebug messages will look similar to the following when output in JSON format:\n\n```\n{\n    \"@timestamp\": \"2025-04-05 11:13:07.193\",\n    \"level\": \"INFO\",\n    \"logger_name\": \"wolfJSSE\",\n    \"message\": \"[ WolfSSLTrustManager] entered engineInit()\",\n    \"thread_name\": \"main\",\n    \"thread_id\": \"1\"\n}\n```\n\n## Building for Android\n\nwolfSSL JNI and JSSE can be built and used on the Android platform, either\nat the application-level or installed inside a modified version of the\nAndroid AOSP at the system-level.\n\n### Android Application Level Usage\n\nAn example Android Studio application is included in this package, to show\nusers how they could include the wolfSSL native and wolfSSL JNI/JSSE sources\nin an Android Studio application. For more details, see the Android Studio\nproject and README.md located in the [./IDE/Android](./IDE/Android) directory.\n\nUsing wolfJSSE at the application level will allow developers to register\nwolfJSSE as a Security provider at the application scope. 
The application can\nuse the Java Security API for SSL/TLS operations which will then use the\nunderlying wolfJSSE provider (and subsequently native wolfSSL).\n\nApplications can register the wolfJSSE provider using:\n\n```\nimport com.wolfssl.provider.jsse.WolfSSLProvider;\n...\nSecurity.addProvider(new WolfSSLProvider());\n```\n\nTo instead insert the WolfSSLProvider as the top priority provider, or at\na specified index (note: indexing starts at 1):\n\n```\nimport com.wolfssl.provider.jsse.WolfSSLProvider;\n...\nSecurity.insertProviderAt(new WolfSSLProvider(), 1);\n```\n\nThere are also additional Android examples using wolfSSL JNI in the\n[wolfssl-examples](https://github.com/wolfssl/wolfssl-examples/tree/master/android) repository.\n\n### Android AOSP System Level Installation\n\nwolfJSSE can be installed inside an Android AOSP build and registered at the\nOS/system level. This will allow wolfJSSE to be registered as the highest\npriority JSSE provider on Android, thus allowing any application using the\nJava Security API to automatically use wolfJSSE and wolfSSL.\n\nFor details on how to install wolfJSSE in Android AOSP, see the README located\nin the [./platform/android_aosp](./platform/android_aosp) directory.\n\nAdditional instructions can be found on the wolfSSL.com website:\n[Installing a JSSE Provider in Android OSP](https://www.wolfssl.com/docs/installing-a-jsse-provider-in-android-osp/).\n\n## Behavior and Functionality Notes\n\n### JSSE Class Implementation Support\n\nwolfJSSE extends or implements the following JSSE classes. 
Note that\nSSLContext `DTLSv1.3` support is only supported through the `SSLEngine`\ninterface.\n\n- javax.net.ssl.SSLContextSpi\n    - SSL, TLS, DEFAULT, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1.3\n- javax.net.ssl.KeyManagerFactorySpi\n    - PKIX, X509, SunX509\n- javax.net.ssl.TrustManagerFactorySpi\n    - PKIX, X509, SunX509\n- javax.net.ssl.SSLEngine\n- javax.net.ssl.SSLSession / ExtendedSSLSession\n- javax.net.ssl.X509KeyManager / X509ExtendedKeyManager\n- javax.net.ssl.X509TrustManager / X509ExtendedTrustManager\n- javax.net.ssl.SSLServerSocket\n- javax.net.ssl.SSLServerSocketFactory\n- javax.net.ssl.SSLSocket\n- javax.net.ssl.SSLSocketFactory\n- javax.net.ssl.SSLSessionContext\n- java.security.cert.X509Certificate\n- javax.security.cert.X509Certificate\n\n### Secure Renegotiation Support\n\nwolfSSL JNI and JSSE provider wrap native wolfSSL APIs to enable and conduct\nsecure renegotiation. For secure renegotiation functionality to be available\nin wolfSSL JNI, and enabled for use in wolfJSSE, native wolfSSL must be\ncompiled with secure renegotiation support:\n\n```\n$ ./configure --enable-secure-renegotiation\n```\n\nOr by defining `-DHAVE_SECURE_RENEGOTIATION`.\n\n### Native File Descriptor Events\n\nwolfSSL JNI/JSSE internally makes several calls that operate on native\nfile descriptors inside Java Socket objects. These native file descriptors\nare watched for read and write events with either `select()` or `poll()`.\n\nBy default `poll()` will be used, unless `WOLFJNI_USE_IO_SELECT` is defined\nor added to CFLAGS when compiling the native JNI sources (see `java.sh`).\nWindows builds will also default to using `select()` since `poll()` is not\navailable there.\n\nwolfSSL JNI/JSSE does not select/poll on a large number of file descriptors\n(typically just one). 
However, in applications that make lots of\nconnections, the `FD_ISSET` and other related macros used with `select()`\nresult in undefined behavior when the file descriptor number is larger than\n`FD_SETSIZE` (defaults to 1024 on most systems). For this reason, `poll()` is\nused as the default descriptor monitoring function.\n\n### Security Property Support\n\nwolfJSSE allows for some customization through the `java.security` file\nand use of Security properties.\n\n#### Pre-Existing Java Security Properties\n\nSupport is included for the following pre-existing Java Security properties.\n\n| System Property | Default | To Enable | Description |\n| --- | --- | --- | --- |\n| keystore.type | JKS | String | Specifies the default KeyStore type |\n| jdk.tls.disabledAlgorithms | | String | Disables algorithms, TLS protocol versions, and key lengths |\n\n**keystore.type (String)** - Specifies the default KeyStore type. This defaults\nto JKS, but could be set to something else if desired.\n\n**jdk.tls.disabledAlgorithms (String)** - Can be used to disable algorithms,\nTLS protocol versions, and key lengths, among other things. This should be a\ncomma-delimited String. wolfJSSE includes partial support for this property,\nwith supported items including disabling SSL/TLS protocol versions and setting\nminimum RSA/ECC/DH key sizes. An example of potential use:\n\n```\njdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, DH keySize \u003c 1024, EC keySize \u003c 224, RSA keySize \u003c 1024\n```\n\n#### wolfSSL JNI/JSSE Specific Security Properties\n\nThe following custom wolfSSL JNI/JSSE specific Security property settings are\nsupported. 
These can be placed into the `java.security` file and will be parsed\nand used by wolfSSL JNI/JSSE.\n\n| System Property | Default | To Enable | Description |\n| --- | --- | --- | --- |\n| wolfssl.readWriteByteBufferPool.disabled | \"false\" | \"true\" | Disables the read/write ByteBuffer pool |\n| wolfssl.readWriteByteBufferPool.size | 16 | Integer | Sets the read/write per-thread ByteBuffer pool size |\n| wolfssl.readWriteByteBufferPool.bufferSize | 17408 | String | Sets the read/write per-thread ByteBuffer size |\n| wolfjsse.enabledCipherSuites | | String | Restricts enabled cipher suites |\n| wolfjsse.enabledSupportedCurves | | String | Restricts enabled ECC curves |\n| wolfjsse.enabledSignatureAlgorithms | | String | Restricts enabled signature algorithms |\n| wolfjsse.keystore.type.required | | String | Restricts KeyStore type |\n| wolfjsse.clientSessionCache.disabled | | \"true\" | Disables client session cache |\n| wolfjsse.X509KeyManager.disableCache | \"false\" | \"true\" | Disables X509KeyManager KeyStore entry caching |\n\n**wolfssl.readWriteByteBufferPool.disabled (String)** - Can be used to disable\nthe static per-thread ByteBuffer pool used in com.wolfssl.WolfSSLSession\nfor native JNI wolfSSL\\_read() and wolfSSL\\_write() calls. This pool is in place\nto prevent unaligned memory access at the JNI level when using byte array\noffsets. This pool is enabled by default unless explicitly disabled by setting\nthis property to \"true\":\n\n```\nwolfssl.readWriteByteBufferPool.disabled=true\n```\n\n**wolfssl.readWriteByteBufferPool.size (Integer)** - Can be used to set the\nmaximum per-thread ByteBuffer pool size. This is the maximum number of\ndirect ByteBuffer objects that will be allocated and added to the pool. The\npool starts at size 0, then grows as needed up to this maximum size. The\ndefault is 16. 
This should be set to a positive integer value:\n\n```\nwolfssl.readWriteByteBufferPool.size=16\n```\n\n**wolfssl.readWriteByteBufferPool.bufferSize (String)** - Can be used to set\nthe size of each direct ByteBuffer in the static per-thread WolfSSLSession\npool. This is set to 17k (17 * 1024) by default which allows for the maximum\nSSL/TLS record size of 2^14 (16k) plus some extra space for the record header\noverhead. This should be set to a positive integer value. This can be used\nto optimize performance if the size of data an application is reading/writing\nis known. If sized properly, fewer read/write loops will need to be done\nwhen calling native `wolfSSL_read()` and `wolfSSL_write()` inside\ncom.wolfssl.WolfSSLSession read() and write() methods.\n\n```\nwolfssl.readWriteByteBufferPool.bufferSize=17408\n```\n\n**wolfjsse.enabledCipherSuites (String)** - Allows restriction of the enabled\ncipher suites to those listed in this Security property. When set, applications\nwill not be able to override or add additional suites at runtime without\nchanging this property. This should be a comma-delimited String. Example use:\n\n```\nwolfjsse.enabledCipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n```\n\n**wolfjsse.enabledSupportedCurves (String)** - Allows setting of specific ECC\ncurves to be enabled for SSL/TLS connections. This propagates down to the native\nwolfSSL API `wolfSSL_UseSupportedCurve()`. If invalid/bad values are found\nwhen processing this property, connection establishment will fail with an\nSSLException. This should be a comma-delimited String. Example use:\n\n```\nwolfjsse.enabledSupportedCurves=secp256r1, secp521r1\n```\n\n**wolfjsse.enabledSignatureAlgorithms (String)** - Allows restriction of the\nsignature algorithms sent in the TLS ClientHello Signature Algorithms\nExtension. 
By using/setting this property, native wolfSSL will not populate\nthe extension with default values, which are based on what algorithms have been\ncompiled into the native wolfSSL library. This should be a comma-delimited\nString of signature algorithm + MAC combinations. Example use:\n\n```\nwolfjsse.enabledSignatureAlgorithms=RSA+SHA256:ECDSA+SHA256\n```\n\n**wolfjsse.keystore.type.required (String)** - Can be used to specify a KeyStore\ntype that is required to be used. If this is set, wolfJSSE will not allow use\nof any KeyStore instances that are not of this type. One use of this option\nis when using wolfCrypt FIPS 140-2/3 with wolfJCE registered as a JCE provider.\nThis option can be used to restrict use of the wolfJCE \"WKS\" KeyStore type\nto help ensure conformance to using FIPS-validated cryptography. Other\nnon-wolfJCE KeyStore implementations may not use/consume FIPS validated crypto.\n\n**wolfjsse.clientSessionCache.disabled (String)** - Can be used to disable\nthe Java client session cache. Disabling this will cause client-side session\nresumption to no longer resume, making all connections fall back to a full\nhandshake. This should be set to the String \"true\" if you want to disable\nthe Java client session cache. This does not need to be set to \"enable\" the\ncache. The Java client cache is enabled by default.\n\n```\nwolfjsse.clientSessionCache.disabled=true\n```\n\n**wolfjsse.X509KeyManager.disableCache (String)** - Can be used to disable\nKeyStore entry caching in the WolfSSLKeyX509 (X509ExtendedKeyManager) implementation.\nWhen set to \"true\", the X509KeyManager will revert to the original behavior of\ncalling KeyStore methods directly for each operation instead of using cached\nentries. This can be useful for debugging, compatibility testing, or when\nKeyStore contents may change dynamically. Caching is enabled by default for\nperformance. 
This should be set to the String \"true\" to disable caching:\n\n```\nwolfjsse.X509KeyManager.disableCache=true\n```\n\nIf there are other Security properties you would like to use with wolfJSSE,\nplease contact support@wolfssl.com.\n\n### System Property Support\n\nwolfJSSE allows some customization through the use of System properties. Since\nthese are **System** properties and not **Security** properties, they will not\nget picked up if placed in the `java.security` file. That file is only used\nwith/for Security properties (see section above).\n\n**javax.net.ssl.keyStore (String)** - Can be used to specify the KeyStore file\nto use for KeyManager objects. An alternative to passing in the KeyStore file\nprogrammatically at runtime.\n\n**javax.net.ssl.keyStoreType (String)** - Can be used to specify the KeyStore\ntype to use when getting KeyStore instances inside KeyManager objects.\n\n**javax.net.ssl.keyStorePassword (String)** - Can be used to specify the\nKeyStore password to use for initializing KeyManager instances.\n\n**javax.net.ssl.trustStore (String)** - Can be used to specify the KeyStore\nfile to use with TrustManager objects. An alternative to passing in the\nKeyStore file programmatically at runtime.\n\n**javax.net.ssl.trustStoreType (String)** - Can be used to specify the KeyStore\ntype to use when loading KeyStore inside TrustManager objects.\n\n**javax.net.ssl.trustStorePassword (String)** - Can be used to specify the\nKeyStore password to use when loading KeyStore inside TrustManager objects.\n\n**jdk.tls.client.enableSessionTicketExtension (boolean)** - Session tickets\nare enabled in different ways depending on the JDK implementation. For\nOracle/OpenJDK and variants, this System property enables session tickets and\nwas added in Java 13. 
Should be set to \"true\" to enable.\n\n**jdk.tls.server.SignatureSchemes (String)** - Controls which signature algorithms are\nadvertised and used by the server if set.\n\n**jdk.tls.client.SignatureSchemes (String)** - Controls which signature algorithms are\nadvertised and used by the client if set.\n\n**jdk.tls.useExtendedMasterSecret (boolean)** - Can be used to enable or\ndisable the use of the Extended Master Secret (EMS) extension. This extension\nis enabled by default, unless explicitly disabled by setting this property to\nfalse.\n\n**wolfjsse.autoSNI (boolean)** - Controls automatic Server Name Indication (SNI)\nextension setting based on hostname or peer address. When set to \"true\", enables\nlegacy behavior where SNI is automatically configured from hostname/peer information\neven without explicit SSLParameters configuration. Default value is \"false\", where\nSNI is only set when explicitly configured through SSLParameters.\n\nIf there are other System properties you would like to use with wolfJSSE,\nplease contact support@wolfssl.com.\n\n## Release Notes\n\nRelease notes can be found in [ChangeLog.md](./ChangeLog.md).\n\n## Support\n\nFor support inquiries and feedback please contact support@wolfssl.com.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfssljni","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fwolfssljni","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfssljni/lists"}