http://www.rtfm.com/puretls/ Claymore Systems, Inc. is pleased to announce the availability of PureTLS 0.9a2. PureTLS is a free pure Java implementation of TLS and SSLv3. This is the second Alpha release of PureTLS. We consider the code quality to be late Alpha. That is to say, it's undergone some testing, including interoperability testing with OpenSSL, and we think it's a useful product. Some bugs have been fixed since Alpha 1, but there are certainly still bugs. We expect to produce a beta-quality product by mid-September, (We'd been hoping to do it earlier, but things got busy) but to do that we need people to try it and send us bug reports. This version makes a number of changes from Alpha 1, including fixing a serious security problem. If you're using Alpha 1, please upgrade. PureTLS is released under a BSD-style license. Quite simply, we feel that good security should be a commodity, and this is our contribution to that end. CHANGES FROM ALPHA 1 PureTLS now works with Cryptix 3.1 and JDK 1.2. A horribly embarrasing packaging oversight has been fixed. Alpha 1 included test-only code that always verified every signature on a certificate as true. Obviously, this is a major security hole and it's been fixed in Alpha 2. X509Cert now includes support for extensions. Several failure modes are now cleaner. In particular, if client auth is requested but not available, an exception is thrown instead of a null pointer error. For details and to download, see: http://www.rtfm.com/puretls/
