Merge upstream master

Major changes:

* TLS 1.3 support
* Support RSA-PSS signatures with opaque keys
* Support supported_signature_algorithms in TLS handshake
* Improve error reporting when native library loading fails
* Refactor TrustManagerFactoryImpl a bit
* Reduce warnings from missing FDs
* Merge ConscryptSocketBase into AbstractConscryptSocket
* Fix a file descriptor leak

Bug: 110403171
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I621a5a1e604930ba945b4f8619fd94e29bab3790
tree: e016c890f9924f5bf4cc62f3ec47900317a01db6
  1. .clang-format
  2. .gitignore
  3. .travis.yml
  4. Android.bp
  8. CPPLINT.cfg
  11. NOTICE
  12. OWNERS
  13. PREUPLOAD.cfg
  15. android-stub/
  16. android/
  17. api-doclet/
  18. appveyor.yml
  19. benchmark-android/
  20. benchmark-base/
  21. benchmark-graphs/
  22. benchmark-jmh/
  23. build.gradle
  24. common/
  25. constants/
  26. gradle/
  27. gradlew
  28. gradlew.bat
  29. jarjar-rules.txt
  30. libcore-stub/
  31. licenses/
  32. openjdk-integ-tests/
  33. openjdk-uber/
  34. openjdk/
  35. platform/
  36. release/
  37. settings.gradle
  39. testing/

Conscrypt - A Java Security Provider

Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographic primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK. See the capabilities documentation for detailed information on what is provided.

The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.


Conscrypt supports Java 6 or later on OpenJDK and Gingerbread (API Level 9) or later on Android. The build artifacts are available on Maven Central.

Download JARs

You can download the JARs directly from the Maven repositories.

OpenJDK (i.e. non-Android)

Native Classifiers

The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:

linux-x86_64Linuxx86_64 (64-bit)
osx-x86_64Macx86_64 (64-bit)
windows-x86Windowsx86 (32-bit)
windows-x86_64Windowsx86_64 (64-bit)


Use the os-maven-plugin to add the dependency:




Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:

buildscript {
  repositories {
  dependencies {
    classpath ''

// Use the osdetector-gradle-plugin
apply plugin: ""

dependencies {
  compile 'org.conscrypt:conscrypt-openjdk:1.2.0:' + osdetector.classifier

Uber JAR

For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.

To depend on the uber jar, simply use the conscrypt-openjdk-uber artifacts.

dependencies {
  compile 'org.conscrypt:conscrypt-openjdk-uber:1.2.0'


The Android AAR file contains native libraries for x86, x86_64, armeabi-v7a, and arm64-v8a.


dependencies {
  compile 'org.conscrypt:conscrypt-android:1.2.0'

How to Build

If you are making changes to Conscrypt, see the building instructions.