1. Home
  2. /
  3. Download
  4. /
  5. Download Bouncy Castle Java LTS

Download Bouncy Castle for Java LTS

Welcome to the download page for Bouncy Castle Java LTS. In addition to the available access options, including Maven Central, direct download, and GitHub, you will find searchable release notes and links to API and other documentation. Use the Java long-term support (LTS) version of the Bouncy Castle APIs when long-term stability is crucial for your application, providing a reliable and secure foundation over an extended period.

Bouncy Castle Java
hero-sub-2

GitHub

Access Bouncy Castle APIs Java LTS package on GitHub, where you can also report issues, join discussions, and contribute to the software.

Documentation

Check out the Bouncy Castle for Java documentation, including the LTS documentation for clear guidance and examples.

Join the discussion

You can ask questions and learn from specialists in the Bouncy Castle Java forum on GitHub Discussions. We highly appreciate and value your input.

Report an issue

If you encounter any issues that require attention, feel free to report them in our GitHub repository. 

Release notes

Find out detailed information about the latest release and search in older release notes.

Beta testing

The current working betas, when available, for the next release for JDK 1.8 and later can be found here. If you need a beta to be made available for another version of Java please ask by emailing feedback-crypto@bouncycastle.org.

Donate to support the Bouncy Castle APIs

Supporting Bouncy Castle is now a substantial effort, the Java API is now over 300,000 lines, the C# one well past 140,000.

Bouncy Castle Java LTS Downloads

The LTS release is based off BC 1.73. Where possible it has been updated from the regular BC Java release, but avoiding changes which might break existing API. For this reason the LTS release does not currently include the PQC algorithms, although we expect to add them once they stabilize.

The 2.73.X Java LTS release will be updated in general until the end of 2027, with security only patches till the end of 2028. The next LTS cycle will begin in 2027. Users looking to extend the 2.73.X Java LTS release beyond 2028 can do so via our support program.

Except where otherwise stated, this software is distributed under the regular Bouncy Castle license. For full details of other licenses involved, see Third party licenses

Distribution Files (JAR format)

The current release is BC-LTS 2.73.9.

Release notes

Find out detailed information about the Java LTS releases. 

Release 2.73.9
17 September, 2025
Defects Fixed TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7. BCJSSE: Session binding map is now shared across all stages of the session...

Defects Fixed

  • TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
  • BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility).
  • The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key.
  • CBZip2InputStream no longer auto-closes at end-of-contents.
  • The BC CertPath implementation was eliminating certificates on the bases of the Key-ID. This is not in accordance with RFC 4158 and has been fixed.
  • Support for the previous set of libOQS Falcon OIDs has been restored.
  • The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only. This has been fixed.
  • Some KeyAgreement classes were missing in the Java 11 class hierarchy. This has been fixed.
  • A typo in a constant name in the HPKE class has been fixed and the old constant deprecated.
  • Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions.

Additional Features and Functionality

  • SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.
  • BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.
  • BCJSSE: Added support for system properties "jdk.tls.client.maxInboundCertificateChainLength" and "jdk.tls.server.maxInboundCertificateChainLength".
  • BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.
  • The Composite post-quantum signatures implementation has been updated to the latest draft (07) draft-ietf-lamps-pq-composite-sigs.
  • "_PREHASH" implementations are now provided for all composite signatures to allow the hash of the data to be used instead of the actual data in signature calculation.
  • The gradle build can now be used to generate an Bill of Materials (BOM) file.
  • It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class.
  • Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite.
  • PGPSecretKey, PGPSignatureGenerator now support version 6.
  • Further optimisation work has been done on ML-KEM public key validation.
  • Zeroization of passwords in the JCA PKCS12 key store has been improved.
  • The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282).
  • OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).

Additional Notes

  • The legacy post-quantum package has now been removed.