1*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt Implementation Notes 2*cd0cc2e3SAndroid Build Coastguard Worker======================================== 3*cd0cc2e3SAndroid Build Coastguard Worker 4*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt has made some uncommon implementation choices which it's useful to be 5*cd0cc2e3SAndroid Build Coastguard Workeraware of. 6*cd0cc2e3SAndroid Build Coastguard Worker 7*cd0cc2e3SAndroid Build Coastguard Worker## TLS 1.3 Cipher Suites 8*cd0cc2e3SAndroid Build Coastguard Worker 9*cd0cc2e3SAndroid Build Coastguard WorkerThe supported cipher suites in TLS 1.3 are always enabled. Attempts to disable 10*cd0cc2e3SAndroid Build Coastguard Workerthem by omitting them from calls to 11*cd0cc2e3SAndroid Build Coastguard Worker[`setEnabledCipherSuites()`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites-java.lang.String:A-) 12*cd0cc2e3SAndroid Build Coastguard Workerare ignored. 13*cd0cc2e3SAndroid Build Coastguard Worker 14*cd0cc2e3SAndroid Build Coastguard Worker## Hostname Verification 15*cd0cc2e3SAndroid Build Coastguard Worker 16*cd0cc2e3SAndroid Build Coastguard WorkerPrior to version 2.5.0 Conscrypt's hostname verification (enabled by 17*cd0cc2e3SAndroid Build Coastguard Worker[`setEndpointIdentificationAlgorithm("HTTPS")`](https://docs.oracle.com/javase/9/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-)) 18*cd0cc2e3SAndroid Build Coastguard Workerdefers entirely to the underlying platform's `HttpsURLConnection` hostname verifier. 19*cd0cc2e3SAndroid Build Coastguard Worker 20*cd0cc2e3SAndroid Build Coastguard WorkerThe default `HostnameVerifier` on OpenJDK rejects all hostnames, and 21*cd0cc2e3SAndroid Build Coastguard Workerso a `HostnameVerifier` or `ConscryptHostnameVerifier` 22*cd0cc2e3SAndroid Build Coastguard Workermust be set in order to use hostname verification on OpenJDK. On Android, the default 23*cd0cc2e3SAndroid Build Coastguard Worker`HostnameVerifier` performs [RFC 2818](https://tools.ietf.org/html/rfc2818) 24*cd0cc2e3SAndroid Build Coastguard Workerhostname validation, so it will work out of the box. 25*cd0cc2e3SAndroid Build Coastguard Worker 26*cd0cc2e3SAndroid Build Coastguard WorkerAs of version 2.5.0, Conscrypt ships with its own default `ConscryptHostnameVerifier` 27*cd0cc2e3SAndroid Build Coastguard Workerand this is used on both Android and OpenJDK. It performs RFC 2818 verification 28*cd0cc2e3SAndroid Build Coastguard Workerand is equivalent to the system `HostnameVerifier` on Android 10 and 11. 29*cd0cc2e3SAndroid Build Coastguard Worker 30*cd0cc2e3SAndroid Build Coastguard Worker## AEAD Ciphers 31*cd0cc2e3SAndroid Build Coastguard Worker 32*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt's AEAD ciphers do not support incremental processing (i.e. they will 33*cd0cc2e3SAndroid Build Coastguard Workeralways return null from calls to 34*cd0cc2e3SAndroid Build Coastguard Worker[`update()`](https://docs.oracle.com/javase/9/docs/api/javax/crypto/Cipher.html#update-byte:A-)). 35*cd0cc2e3SAndroid Build Coastguard WorkerInput is only processed on a call to 36*cd0cc2e3SAndroid Build Coastguard Worker[`doFinal()`](https://docs.oracle.com/javase/9/docs/api/javax/crypto/Cipher.html#doFinal--). 37*cd0cc2e3SAndroid Build Coastguard WorkerThis ensures that the caller cannot work with output data before the 38*cd0cc2e3SAndroid Build Coastguard Workerauthenticator has been processed, but it also means that the input data must be 39*cd0cc2e3SAndroid Build Coastguard Workerbuffered completely for each operation. This may necessitate splitting larger 40*cd0cc2e3SAndroid Build Coastguard Workerinputs into chunks; see the [BoringSSL 41*cd0cc2e3SAndroid Build Coastguard Workerdocs](https://commondatastorage.googleapis.com/chromium-boringssl-docs/aead.h.html) 42*cd0cc2e3SAndroid Build Coastguard Workerfor a discussion of important factors in doing so safely. 43*cd0cc2e3SAndroid Build Coastguard Worker 44*cd0cc2e3SAndroid Build Coastguard Worker## OAEP Digests 45*cd0cc2e3SAndroid Build Coastguard Worker 46*cd0cc2e3SAndroid Build Coastguard WorkerConscrypt's OAEP ciphers (eg, `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`) use the 47*cd0cc2e3SAndroid Build Coastguard Workernamed digest for both the main digest and the MGF1 digest. This differs from 48*cd0cc2e3SAndroid Build Coastguard Workerthe behavior of some other providers, including the ones bundled with OpenJDK, 49*cd0cc2e3SAndroid Build Coastguard Workerwhich always use SHA-1 for the MGF1 digest. For maximum compatibility, you 50*cd0cc2e3SAndroid Build Coastguard Workershould use `RSA/ECB/OAEPPadding` and initialize it with an 51*cd0cc2e3SAndroid Build Coastguard Worker[`OAEPParameterSpec`](https://docs.oracle.com/javase/9/docs/api/javax/crypto/spec/OAEPParameterSpec.html). 52