Bouncy Castle Crypto Provider Package version 1.68 now available

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Bouncy Castle Crypto Provider Package version 1.68 now available

Jon Eaves
Hi everybody,

It's nearly the end of 2020 (thank goodness), but a little bit of Bouncy
Christmas cheer to end it. Hopefully this puts a bit of a smile on
faces, and from the crew at Bouncy Castle, we hope you all have a much
better 2021.

Release 1.68 is now out.

This release is a primarily about TLS and to alert people to a recent
CVE. Concerning TLS, the BCJSSE now supports TLS 1.3 and session
resumption for TLS 1.2 and earlier. A few small bugs in the ASN.1
library and PGP package have also been fixed and the
PGPSignatureSubpacketGenerator now supports the editing of a
pre-existing signature sub-packet list.

Also please note that a CVE, CVE-2020-28052, has just been announced for
an issue that was in BC 1.65 and BC 1.66 concerning the
OpenBSDBCrypt.checkPassword() utility method.  We would like to thank
Matti Varanka and Tero Rontti and the rest of the team at the Synopsys
Cybersecurity Research Center for finding the problem and bringing it to
our attention.

Further details on other additions and bug fixes can be found in the
release notes at:

Thanks also goes to other people and organisations who have
contributed/donated to the project and you can find the updated list at

We would also like to thank holders of Crypto Workshop support contracts
as we were again able to fund extra work on this release through time
available from those.

For the actual release and other details go to our latest releases page:

And for those who like living on the bleeding edge, the betas for future
releases can be downloaded from:

and changes to the code base can be tracked via:

On the FIPS front, the Java FIPS 2.0.0 module for Java 11 and later is
now available for early access.

Details on future plans can be found at:

We are looking to raise money for the NIST recovery fees for our next
certification. If you are interested helping support the Bouncy Castle
project through donation, you can find the details on how to donate via
PayPal or Bitcoin, at:

The Legion of the Bouncy Castle Inc is a registered Australian
charity based in the State of Victoria, Australia.

If you wish to sponsor specific work on Bouncy Castle, get early access
to the FIPS APIs under development, or get a commercial support contract
for the APIs please contact us at Crypto Workshop
( ) details about support can be found at:

Remember, you can also follow this project on Facebook ( ), and/or Twitter ( ).

Finally, for users of the maven repositories, 1.68 should appear in the
next few days.