Conscrypt is a modern TLS/SSL provider for Java that replaces the default JCE/JCA crypto stack with one backed by BoringSSL for better performance and security posture. It is implemented as a drop-in JCA security provider, so applications and frameworks can opt in without changing high-level HTTPS or socket code. The provider focuses on contemporary protocol hygiene—up-to-date cipher suite selection, ALPN, session resumption, and hardened defaults—so Java servers and clients negotiate secure connections by construction. Because it builds on BoringSSL’s audited primitives and constant-time implementations, it reduces the risk of subtle side-channel issues while improving handshake and bulk crypto throughput. Conscrypt also exposes platform accelerations (like AES-GCM and ChaCha20-Poly1305) and supports features important to HTTP/2 and HTTP/3 stacks. Its goal is pragmatic: deliver a fast, well-maintained TLS provider that behaves like modern browsers and mobile stacks.
Features
- Drop-in JCA/JCE security provider backed by BoringSSL
- Modern TLS defaults with ALPN, session tickets, and strong ciphers
- Optimized AES-GCM and ChaCha20-Poly1305 paths for high throughput
- HTTP/2-friendly handshake behavior and certificate handling
- Compatible with standard Java SSLSocket/SSLEngine APIs
- Regular updates tracking protocol and cipher best practices
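
The drop-in behaviour described above can be checked at startup. The following is an added example, not code from the Conscrypt project: it registers the provider, confirms that ordinary JSSE calls are actually served by it, and lists any enabled protocol or cipher suite that falls outside a local policy. It assumes Java 9+ with the org.conscrypt:conscrypt-openjdk-uber artifact on the classpath; the class name, the protocol allow-list and the weak-suite markers are illustrative assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.conscrypt.Conscrypt;

// Hypothetical class name; added example, not Conscrypt project code.
public class ConscryptDefaultsAudit {
    // Assumed local policy, not something Conscrypt defines.
    static final Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
    static final String[] WEAK_MARKERS =
        {"_CBC_", "_RC4_", "_3DES_", "_NULL_", "_anon_", "_EXPORT_", "_MD5"};

    // Return the enabled values that violate the policy above.
    static List<String> findings(SSLEngine engine) {
        List<String> out = new ArrayList<>();
        for (String p : engine.getEnabledProtocols()) {
            if (!ALLOWED_PROTOCOLS.contains(p)) out.add("protocol " + p);
        }
        for (String suite : engine.getEnabledCipherSuites()) {
            for (String marker : WEAK_MARKERS) {
                if (suite.contains(marker)) { out.add("cipher " + suite); break; }
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Opt in once at startup: Conscrypt goes ahead of the JDK providers.
        Provider conscrypt = Conscrypt.newProvider();
        Security.insertProviderAt(conscrypt, 1);

        // Ordinary JSSE code from here on; no provider is named.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);

        // Fail fast if another provider silently served the request.
        if (!Conscrypt.isConscrypt(engine)) {
            throw new IllegalStateException("TLS served by " + ctx.getProvider().getName());
        }
        Conscrypt.setApplicationProtocols(engine, new String[] {"h2", "http/1.1"});

        List<String> problems = findings(engine);
        problems.forEach(f -> System.out.println("REVIEW: " + f));
        System.out.println(problems.isEmpty() ? "defaults match policy" : "tighten via setEnabledCipherSuites");
    }
}
```

Anything the audit reports can be narrowed with the standard SSLEngine.setEnabledProtocols and setEnabledCipherSuites calls before the engine is used.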