Bump bcprov-jdk15on from 1.64 to 1.65

[dependabot-preview]

Bumps bcprov-jdk15on from 1.64 to 1.65.

Changelog

Sourced from bcprov-jdk15on's changelog.

<title>Bouncy Castle Crypto Package - Release Notes</title>

Bouncy Castle Crypto Package - Release Notes

1.0 Introduction

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.

2.0 Release History

2.1.1 Version

Release: 1.65
Date:      2020, March 31st.

2.1.2 Defects Fixed

• DLExternal would encode using DER encoding for tagged SETs. This has been fixed.
• ChaCha20Poly1305 could fail for large (>~2GB) files. This has been fixed.
• ChaCha20Poly1305 could fail for small updates when used via the provider. This has been fixed.
• Properties.getPropertyValue could ignore system property when other local overrides set. This has been fixed.
• The entropy gathering thread was not running in daemon mode, meaning there could be a delay in an application shutting down due to it. This has been fixed.
• A recent change in Java 11 could cause an exception with the BC Provider's implementation of PSS. This has been fixed.
• BCJSSE: TrustManager now tolerates having no trusted certificates.
• BCJSSE: Choice of credentials and signing algorithm now respect the peer's signature_algorithms extension properly.
• BCJSSE: KeyManager for KeyStoreBuilderParameters no longer leaks memory.

2.1.3 Additional Features and Functionality

• LMS and HSS (RFC 8554) support has been added to the low level library and the PQC provider.
• BCJSSE: BC API now supports explicitly specifying the session to resume.
• BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
• BCJSSE: Added support for extended_master_secret system properties: jdk.tls.allowLegacyMasterSecret, jdk.tls.allowLegacyResumption, jdk.tls.useExtendedMasterSecret .
• BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is negotiated (except in FIPS mode).
• BCJSSE: KeyManager and TrustManager now check algorithm constraints for keys and certificate chains.
• BCJSSE: KeyManager selection of server credentials now prefers matching SNI hostname (if any).
• BCJSSE: KeyManager may now fallback to imperfect credentials (expired, SNI mismatch).
• BCJSSE: Client-side OCSP stapling support (beta version: via status_request extension only, provides jdk.tls.client.enableStatusRequestExtension, and requires CertPathBuilder support).
... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

• Fetcher tests

Dependabot will still automatically merge this pull request if you amend it and your tests pass.