PureTLS implements the SSLv3 and TLSv1 protocols, with a number of cipher suites. Both client authentication and renegotiation are supported. PureTLS is able to read keys out of a subset of OpenSSL-style keyfiles, which makes generating keying material easy (i.e., use OpenSSL). No support for key generation is currently provided, but it may be provided in a future release.
Release Notes: This bugfix release included protection against timing attacks on RSA (Boneh-Brumley/Kocher) and CBC padding (Vaudenay). Server users and clients that do client authentication should upgrade. Client-only users may not need to.
Release Notes: This release has protection from injection attacks. There are two new build systems using make and ant instead of shell/batch files. An SSLv2 backcompatibility handshake, Socket.close() in close, a JDK 1.3X port, SSLSocket/Socket separation, a new constructor for SSLSocket that lets you wrap an existing socket, and SHA-1 with RSA certs were added. Automatic DH key generation was removed. Key generation (SPKAC, PKCS-10, self-signed certs) was added, and a lot of bugs were fixed.