We're pleased to announce that we've released Conscrypt 2.4.0.
This is mostly a bug-fix release, but due to staffing and process changes we originally planned to bump the release branch to 2.3.0. However, that release was ultimately abandoned due to circumstances, and we have jumped to 2.4.0. Apologies for the long delay between releases!
This release includes the following notable change:
=== SSLEngine-based SSLSocket Improvements ===
Conscrypt contains two implementations of SSLSocket: ConscryptFileDescriptorSocket and ConscryptEngineSocket. The file-descriptor-based socket is more complex, harder to maintain and won't work on very recent versions of OpenJDK; the latter is implemented on top of SSLSocket.
With this release, we have reached the point where the engine-based socket is the default in the Android platform in the Android 11 Developer Preview releases. There is still some way to go before we have full feature parity on non-Android platforms, but bug reports in this area are very welcome.
To use the engine-based implementation, either set the Java property org.conscrypt.useEngineSocketByDefault to true, or call Conscrypt.setUseEngineSocketByDefault().
Known issues:
* There is at least one corner case (SSLSocket wrapping a Socket with autoClose set to false and not running on Android) where a thread blocked in an IO system call will never be awoken if another thread closes the SSLSocket. This should not be a problem for "unwrapped" sockets or where autoClose is set to true.
* Write timeouts and handshake timeouts are currently unimplemented no-ops. Handshake timeouts may never be implemented, and of course there are no public APIs for these.
* The SSLSocket API contracts remain unchanged but the timing and exact type of thrown exceptions may vary between implementations.
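One way to opt in to the engine-based socket and still bound the handshake, given that handshake timeouts are no-ops: an added example, not code from the Conscrypt project. The class name, the connect() helper and the timeout values are hypothetical, and the host and port come from the command line.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.conscrypt.Conscrypt;

public final class EngineSocketClient {
    // Hypothetical helper: connect and handshake under a caller-enforced deadline,
    // since the socket's own handshake timeout is an unimplemented no-op.
    static SSLSocket connect(String host, int port, int connectMs, int handshakeMs)
            throws Exception {
        // Set first, so the socket factory obtained below picks up the default.
        Conscrypt.setUseEngineSocketByDefault(true);
        SSLContext ctx = SSLContext.getInstance("TLS", Conscrypt.newProvider());
        ctx.init(null, null, null); // default key and trust managers

        // "Unwrapped" socket created by the factory itself: the known issue with a
        // blocked thread never waking applies to wrapped sockets with autoClose=false.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        ScheduledExecutorService watchdog = Executors.newSingleThreadScheduledExecutor();
        try {
            socket.connect(new InetSocketAddress(host, port), connectMs);
            ScheduledFuture<?> deadline = watchdog.schedule(() -> {
                try { socket.close(); } catch (IOException ignored) { }
            }, handshakeMs, TimeUnit.MILLISECONDS);
            socket.startHandshake(); // exception type on close may vary by implementation
            if (!deadline.cancel(false)) { // watchdog already fired: socket is closed
                throw new IOException("handshake deadline exceeded");
            }
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        } finally {
            watchdog.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java EngineSocketClient <host> <port>
        try (SSLSocket s = connect(args[0], Integer.parseInt(args[1]), 5_000, 10_000)) {
            System.out.println(s.getClass().getName() + " " + s.getSession().getProtocol());
        }
    }
}
```

The example covers only the handshake deadline; endpoint identification (hostname checking) is left to the caller's SSLParameters.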
Other fixes:
* Support OIDs as EC curve names for better interoperability
* Allow the ability to set the default TLS version
* Store ALPN info in SSL session snapshots to allow access after the session terminates
* Migrate to Gradle 5.6.x
* Migrate to maven-publish for publishing
* Many lint fixes