PureTLS is a free Java-only implementation of the SSLv3 and TLSv1 (RFC2246) protocols. PureTLS was developed by Eric Rescorla for Claymore Systems, Inc. but is being distributed for free because we believe that basic network security is a public good and should be a commodity. PureTLS is licensed under a Berkeley-style license, which basically means that you can do anything you want with it, provided that you give us credit and retain our copyrights.
 
The current version of PureTLS is 0.9b5.
0.9b5 is a bugfix release which includes:
The only relevant values are Extensions and Algorithm.Parameters. In practice this should not be a problem with Algorithm.Parameters, since they're NULL in RSA certificates and always present in real DSA certificates. If you rely on Extensions you should upgrade as soon as possible.
Note: extensions processing is still only partially tested. Use with care.
If you are installing PureTLS for the first time, you should use 0.9b5.
Bug reports should be sent to EKR.
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
Both client authentication and renegotiation are supported. PureTLS is able to read keys out of a subset of OpenSSL-style keyfiles, which makes importing keying material (e.g. from OpenSSL) easy.
1. You'll definitely need the PureTLS distribution.
2. You'll need Cryptix, version 3.2.
3. PureTLS depends on the Cryptix ASN.1 kit, but unfortunately the released version contains problems that make it unusable. As a public service, we provide a pre-compiled directory tree that will work here.
4. To run the demo programs, you'll also need GNU getopt. PureTLS itself runs fine without it but the demo programs don't.
5. You may also want to download the Claymore GoNative Provider which provides native accelerated versions of critical crypto routines. PureTLS with GNP is about 10x faster than unaccelerated PureTLS.
PureTLS was developed under JDK 1.2 on FreeBSD 4.6.2. It is believed to work under any JDK version greater than 1.1.
Here's a PGP signature for version 0.9b4.
Here's a PGP signature for version 0.9b3.
My key fingerprint is:
465E 8A2B 9258 E9CA CE65 1DC3 DE7F 0446 9508 CFA7
SSL and TLS: Designing and Building Secure Systems
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3
SSL and TLS contains quite a bit of material about programming with PureTLS. If you like PureTLS and want to learn about SSL, you might consider buying my book.
I also do security consulting, mainly systems design and analysis. If you're interested in this, contact me at ekr@rtfm.com or see the RTFM, Inc. homepage.