|
| 1 | +# Evolving Conscrypt's Open Source Approach |
| 2 | + |
| 3 | +Hello Conscrypt Developers, |
| 4 | + |
| 5 | +We're refining our **open source strategy for Conscrypt** to ensure its long-term health and sustainability. To optimize our development efforts and focus resources, we are making some changes to how Conscrypt is developed and how we handle contributions. The primary development of Conscrypt will now be done internally at Google. While we value community input, we will no longer be able to accept external contributions in the form of pull requests on the GitHub repository. This change allows us to better allocate resources to core development and ensure the project's long-term sustainability. To ensure transparency and continued access for the community, we will: |
| 6 | + |
| 7 | +* **Continue Mirroring to GitHub:** All internal changes will be regularly mirrored to the public GitHub repository. Note that mirroring to GitHub might be paused for a short period of time during the transition to internal development. |
| 8 | +* **Maintain Bug Reporting Channels:** Please keep reporting bugs through GitHub Issues. For Android-specific bugs, the Android Issue Tracker is the place to go: [Report Bugs](https://source.android.com/docs/setup/contribute/report-bugs). |
| 9 | + |
| 10 | +### What’s staying the same |
| 11 | + |
| 12 | +The platform version of Conscrypt receives regular updates, including the latest features and security patches, through the Google Play system updates program (Project Mainline). This means that even devices running older Android versions can benefit from the most recent Conscrypt improvements without requiring a full OS update. |
| 13 | + |
| 14 | +### What’s changing |
| 15 | + |
| 16 | +As part of this shift, we will no longer be able to accept external pull requests on GitHub. |
| 17 | + |
| 18 | +### What do you need to do |
| 19 | + |
| 20 | +* Immediately, nothing. |
| 21 | +* For Android developers, we recommend leveraging the Conscrypt version built into the Android platform, which is also the default provider. |
| 22 | + |
| 23 | +We appreciate the Conscrypt community and look forward to continuing to offer a secure and efficient security provider. |
| 24 | + |
| 25 | +## Guidance for Android App Developers: |
| 26 | + |
| 27 | +Most Android devices include Conscrypt as a core part of the platform's security providers. The Java Cryptography Architecture (JCA) framework allows for multiple security providers, and the system selects one when you request a cryptographic algorithm implementation (like Cipher, SSLContext, MessageDigest, etc.). |
| 28 | + |
| 29 | +### Using the Platform Version (Recommended): |
| 30 | + |
| 31 | +To use the platform-provided Conscrypt, you generally don't need to do anything specific. When requesting an algorithm, omit the provider name. The Android system will automatically select the highest-priority provider that offers the requested algorithm, which is typically the built-in Conscrypt. |
| 32 | + |
| 33 | +*Example (Java):* |
| 34 | + |
| 35 | +```java |
| 36 | +import javax.net.ssl.SSLContext; |
| 37 | +import java.security.Security; |
| 38 | +import java.security.Provider; |
| 39 | + |
| 40 | +try { |
| 41 | + // Get an SSLContext instance using the default highest-priority provider |
| 42 | + SSLContext sslContext = SSLContext.getInstance("TLS"); |
| 43 | + // Initialize and use sslContext |
| 44 | + |
| 45 | + // Example: Listing providers to see what's available |
| 46 | + // Provider[] providers = Security.getProviders(); |
| 47 | + // for (Provider provider : providers) { |
| 48 | + // System.out.println("Provider: " + provider.getName()); |
| 49 | + // } |
| 50 | +} catch (NoSuchAlgorithmException e) { |
| 51 | + // Handle exception |
| 52 | + e.printStackTrace(); |
| 53 | +} |
| 54 | +``` |
| 55 | + |
| 56 | +*Example (Kotlin):* |
| 57 | + |
| 58 | +```kotlin |
| 59 | +import javax.net.ssl.SSLContext |
| 60 | +import java.security.Security |
| 61 | +import java.security.Provider |
| 62 | + |
| 63 | +try { |
| 64 | + // Get an SSLContext instance using the default highest-priority provider |
| 65 | + val sslContext = SSLContext.getInstance("TLS") |
| 66 | + // Initialize and use sslContext |
| 67 | + |
| 68 | + // Example: Listing providers to see what's available |
| 69 | + // val providers = Security.getProviders() |
| 70 | + // providers.forEach { provider -> |
| 71 | + // println("Provider: ${provider.name}") |
| 72 | + // } |
| 73 | +} catch (e: NoSuchAlgorithmException) { |
| 74 | + // Handle exception |
| 75 | + e.printStackTrace() |
| 76 | +} |
| 77 | +``` |
| 78 | + |
| 79 | +By *not* specifying a provider name in getInstance() calls, you rely on the Android system's default provider order, ensuring you use the up-to-date and maintained version of Conscrypt that is part of the Android platform. |
| 80 | + |
1 | 81 | Conscrypt - A Java Security Provider |
2 | 82 | ======================================== |
3 | 83 |
|
|
0 commit comments