From b2446db9cce193ce942894899eacc76db8b37b14 Mon Sep 17 00:00:00 2001
From: David Hook <dgh@cryptoworkshop.com>
Date: Fri, 20 Nov 2020 14:11:41 +1100
Subject: [PATCH] github#818 http to https conversion.

---
 CONTRIBUTORS.html                                      | 10 +++++-----
 README.md                                              |  2 +-
 .../bouncycastle/asn1/eac/EACObjectIdentifiers.java    |  2 +-
 .../asn1/isismtt/x509/AdmissionSyntax.java             |  4 ++--
 .../asn1/teletrust/TeleTrusTNamedCurves.java           |  2 +-
 .../java/org/bouncycastle/asn1/x509/KeyPurposeId.java  |  4 ++--
 .../org/bouncycastle/asn1/x509/PolicyMappings.java     |  2 +-
 .../bouncycastle/crypto/digests/RIPEMD160Digest.java   |  2 +-
 .../org/bouncycastle/crypto/digests/TigerDigest.java   |  4 ++--
 .../crypto/engines/CamelliaWrapEngine.java             |  2 +-
 .../bouncycastle/crypto/engines/DESedeWrapEngine.java  |  4 ++--
 .../org/bouncycastle/crypto/engines/HC128Engine.java   |  4 ++--
 .../org/bouncycastle/crypto/engines/HC256Engine.java   |  4 ++--
 .../org/bouncycastle/crypto/engines/ISAACEngine.java   |  2 +-
 .../crypto/engines/NaccacheSternEngine.java            |  4 ++--
 .../org/bouncycastle/crypto/engines/RC2WrapEngine.java |  4 ++--
 .../org/bouncycastle/crypto/engines/RC532Engine.java   |  2 +-
 .../org/bouncycastle/crypto/engines/RC564Engine.java   |  2 +-
 .../bouncycastle/crypto/engines/RFC3394WrapEngine.java |  2 +-
 .../bouncycastle/crypto/engines/SEEDWrapEngine.java    |  2 +-
 .../org/bouncycastle/crypto/engines/SerpentEngine.java |  2 +-
 .../org/bouncycastle/crypto/engines/TnepresEngine.java |  2 +-
 .../org/bouncycastle/crypto/engines/Zuc128Engine.java  |  2 +-
 .../bouncycastle/crypto/engines/Zuc256CoreEngine.java  |  2 +-
 .../org/bouncycastle/crypto/engines/Zuc256Engine.java  |  2 +-
 .../generators/NaccacheSternKeyPairGenerator.java      |  2 +-
 .../crypto/generators/PKCS12ParametersGenerator.java   |  2 +-
 .../crypto/generators/PKCS5S1ParametersGenerator.java  |  2 +-
 .../crypto/generators/PKCS5S2ParametersGenerator.java  |  2 +-
 .../java/org/bouncycastle/crypto/macs/Zuc128Mac.java   |  2 +-
 .../java/org/bouncycastle/crypto/macs/Zuc256Mac.java   |  2 +-
 .../org/bouncycastle/crypto/modes/EAXBlockCipher.java  |  2 +-
 .../bouncycastle/crypto/modes/G3413CBCBlockCipher.java |  2 +-
 .../bouncycastle/crypto/modes/G3413CFBBlockCipher.java |  2 +-
 .../bouncycastle/crypto/modes/G3413OFBBlockCipher.java |  2 +-
 .../org/bouncycastle/crypto/modes/OCBBlockCipher.java  |  2 +-
 .../crypto/modes/OpenPGPCFBBlockCipher.java            |  2 +-
 .../bouncycastle/crypto/modes/PGPCFBBlockCipher.java   |  2 +-
 .../org/bouncycastle/crypto/params/DESParameters.java  |  2 +-
 .../params/NaccacheSternKeyGenerationParameters.java   |  2 +-
 .../crypto/params/NaccacheSternKeyParameters.java      |  2 +-
 .../params/NaccacheSternPrivateKeyParameters.java      |  2 +-
 .../org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java   |  4 ++--
 .../pqc/math/linearalgebra/GF2nPolynomialElement.java  |  2 +-
 core/src/test/data/rfc4134/rfc4134.txt                 |  2 +-
 .../asn1/test/EncryptedPrivateKeyInfoTest.java         |  2 +-
 .../java/org/bouncycastle/asn1/test/X500NameTest.java  |  2 +-
 .../java/org/bouncycastle/asn1/test/X509NameTest.java  |  2 +-
 .../org/bouncycastle/crypto/test/BlowfishTest.java     |  2 +-
 .../java/org/bouncycastle/crypto/test/CAST5Test.java   |  2 +-
 .../java/org/bouncycastle/crypto/test/CAST6Test.java   |  2 +-
 .../java/org/bouncycastle/crypto/test/CMacTest.java    |  2 +-
 .../java/org/bouncycastle/crypto/test/DESTest.java     |  6 +++---
 .../org/bouncycastle/crypto/test/ECGOST3410Test.java   |  8 ++++----
 .../org/bouncycastle/crypto/test/HCFamilyTest.java     |  4 ++--
 .../org/bouncycastle/crypto/test/HCFamilyVecTest.java  |  4 ++--
 .../java/org/bouncycastle/crypto/test/ISAACTest.java   |  2 +-
 .../org/bouncycastle/crypto/test/KeccakDigestTest.java |  2 +-
 .../java/org/bouncycastle/crypto/test/MacTest.java     |  6 +++---
 .../bouncycastle/crypto/test/NaccacheSternTest.java    |  4 ++--
 .../java/org/bouncycastle/crypto/test/PKCS12Test.java  |  4 ++--
 .../java/org/bouncycastle/crypto/test/PKCS5Test.java   |  3 +--
 .../java/org/bouncycastle/crypto/test/SCryptTest.java  |  2 +-
 .../java/org/bouncycastle/crypto/test/SEEDTest.java    |  2 +-
 .../java/org/bouncycastle/crypto/test/TEATest.java     |  2 +-
 .../java/org/bouncycastle/crypto/test/XTEATest.java    |  2 +-
 .../java/org/bouncycastle/crypto/test/ZucTest.java     |  2 +-
 docs/releasenotes.html                                 |  2 +-
 docs/specifications.html                               |  6 +++---
 index.html                                             |  8 ++++----
 .../main/java/javax/crypto/spec/PBEParameterSpec.java  |  2 +-
 jce/src/main/java/javax/crypto/spec/PSource.java       |  2 +-
 .../main/java/javax/crypto/spec/RC2ParameterSpec.java  |  2 +-
 .../main/java/javax/crypto/spec/RC5ParameterSpec.java  |  4 ++--
 .../bouncycastle/mail/smime/test/multi-alternative.eml |  2 +-
 .../org/bouncycastle/apache/bzip2/BZip2Constants.java  |  2 +-
 .../bouncycastle/apache/bzip2/CBZip2InputStream.java   |  4 ++--
 .../bouncycastle/apache/bzip2/CBZip2OutputStream.java  |  4 ++--
 .../main/java/org/bouncycastle/apache/bzip2/CRC.java   |  2 +-
 .../org/bouncycastle/openpgp/test/PGPKeyRingTest.java  |  2 +-
 .../org/bouncycastle/openpgp/test/PGPKeyRingTest.java  |  2 +-
 .../javadoc/org/bouncycastle/cert/cmp/package.html     |  2 +-
 .../org/bouncycastle/cert/crmf/jcajce/package.html     |  2 +-
 .../javadoc/org/bouncycastle/cert/crmf/package.html    |  2 +-
 .../javadoc/org/bouncycastle/cert/jcajce/package.html  |  2 +-
 .../org/bouncycastle/cert/ocsp/jcajce/package.html     |  2 +-
 .../javadoc/org/bouncycastle/cert/ocsp/package.html    |  2 +-
 .../org/bouncycastle/cert/selector/package.html        |  2 +-
 .../main/javadoc/org/bouncycastle/pkcs/bc/package.html |  2 +-
 .../javadoc/org/bouncycastle/pkcs/jcajce/package.html  |  2 +-
 .../main/javadoc/org/bouncycastle/pkcs/package.html    |  2 +-
 .../org/bouncycastle/mime/test/multi-alternative.eml   |  2 +-
 .../java/org/bouncycastle/jce/provider/BrokenPBE.java  |  2 +-
 .../org/bouncycastle/x509/util/LDAPStoreHelper.java    |  2 +-
 .../org/bouncycastle/x509/util/LDAPStoreHelper.java    |  2 +-
 .../org/bouncycastle/jce/provider/test/CMacTest.java   |  2 +-
 .../bouncycastle/jce/provider/test/FIPSDESTest.java    |  2 +-
 .../org/bouncycastle/jce/provider/test/MacTest.java    |  4 ++--
 .../org/bouncycastle/jce/provider/test/PKIXTest.java   |  6 +++---
 tls/docs/GnuTLSSetup.html                              |  8 ++++----
 tls/docs/OpenSSLSetup.html                             |  4 ++--
 101 files changed, 140 insertions(+), 141 deletions(-)

diff --git a/CONTRIBUTORS.html b/CONTRIBUTORS.html
index 089bf6a6e6..a234fa20ab 100644
--- a/CONTRIBUTORS.html
+++ b/CONTRIBUTORS.html
@@ -83,15 +83,15 @@
 </p>
 <ul>
 <li>Holders of <a href="https://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Without the consulting time left over from support contracts being contributed back to working on the Bouncy Castle APIs, progress would be impossible. You know who you are!</li>
-<li><a href="http://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li>
-<li><a href="http://www.grierforensics.com/">Grier Forensics</a>, for collaborating in the development of the S/MIME Toolkit and DANE SMIMEA functionality.</li>
+<li><a href="https://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li>
+<li><a href="https://www.grierforensics.com/">Grier Forensics</a>, for collaborating in the development of the S/MIME Toolkit and DANE SMIMEA functionality.</li>
 <li>TU-Darmstadt, Computer Science Department, RBG, for the initial
 lightweight client side TLS implementation, which is based on MicroTLS and for help with qTESLA implementation. MicroTLS was developed by Erik Tews under the supervision of Dipl.-Ing. Henning Baer and Prof. Max Muehlhaeuser. qTESLA assistance was provided by Nina Bindel and Yinhua Xu.
 </li>
 <li>TU-Darmstadt, Computer Science Department, RBG, for the initial
 Post Quantum provider, which was based on the FlexiProvider. The FlexiProvider was developed
 by the Theoretical Computer Science Research Group at TU-Darmstadt, Computer Science Department, RBG under the supervision of Prof. Dr. Johannes Buchmann. More information on the history of FlexiProvider can be found at:
-<a href="http://www.flexiprovider.de/">http://www.flexiprovider.de/</a>
+<a href="https://www.flexiprovider.de/">https://www.flexiprovider.de/</a>
 </li>
 <li>Voxeo Labs - sponsorship of the initial development of APIs for DTLS 1.0 (RFC 4347), DTLS-SRTP key negotiation (RFC 5764),
 and server side TLS 1.1 (RFC 4346) and tested WebRTC compatibility. More information on Voxeo Labs can be found at <a href="http://voxeolabs.com">http://voxeolabs.com</a></li>
@@ -251,7 +251,7 @@
 <li>Albert Moliner &lt;amoliner&#064evintia.com&gt; - initial TSP implementation.</li>
 <li>Carlos Lozano &lt;carlos&#064evintia.com&gt; - initial TSP implementation, patch to SignerInformation for supporting repeated signers, initial updates for supporting repeated attributes in CMS.</li>
 <li>Javier Delgadillo &lt;javi&#064javi.codewarp.org&gt; - initial Mozilla PublicKeyAndChallenge classes.</li>
-<li>Joni Hahkala &lt;joni.hahkala&#064cern.ch&gt; - initial implementations of VOMS Attribute Certificate Validation, IetfAttrSyntax, and ObjectDigestInfo. We also wish to thank the <a href="http://www.eu-egee.org">EGEE project</a> for making the work available.</li>
+<li>Joni Hahkala &lt;joni.hahkala&#064cern.ch&gt; - initial implementations of VOMS Attribute Certificate Validation, IetfAttrSyntax, and ObjectDigestInfo. We also wish to thank the <a href="https://www.eu-egee.org">EGEE project</a> for making the work available.</li>
 <li>Rolf Schillinger&lt;rolf&#064sir-wum.de&gt; - initial implementation of Attribute Certificate generation.</li>
 <li>Sergey Bahtin &lt;Sergey_Bahtin&#064yahoo.com&gt; - fix for recovering certificate aliases in BKS and UBER key stores. Initial implementations of GOST-28147, GOST-3410, EC GOST-3410, GOST OFB mode (GOFB) and GOST-3411.</li>
 <li>Franck Leroy &lt;Franck.Leroy&#064keynectis.com&gt; - ANS.1 set sorting. Contributions to TSP implementation. Test vectors for Bleichenbacher's forgery attack.</li>
@@ -286,7 +286,7 @@
 <li>Kishimoto Kazuhiko &lt;kazu-k&#064hi-ho.ne.jp&gt; - RFC 3280 updates to policy processing in the CertPath validator. Additional test data not covered by NIST.</li>
 <li>Lawrence Tan &lt;lwrnctan&#064gmail.com&gt - Large field OID sample test data. Missing key types in JDKKeyFactory.</li>
 <li>Carlos Valiente &lt;superdupont&#064gmail.com&gt; - Addition of CRL writing to the PEMWriter class.</li>
-<li>Keyon AG, Martin Christinat, <a href="http://www.keyon.ch">http://www.keyon.ch</a> - fixing incorrect 
+<li>Keyon AG, Martin Christinat, <a href="https://www.keyon.ch">https://www.keyon.ch</a> - fixing incorrect
 ASN.1 encoding of field elements in X9FieldElement class.</li>
 <li>Olaf Keller, &lt;olaf.keller.bc&#064bluewin.ch&gt; - initial implementation of the elliptic curves over binary fields F2m. Additional tests and modifications to elliptic curve support for both F2m and Fp. Performance improvements to F2m multiplication. Initial implementation of WNAF/WTNAF point multiplication. Improvement to k value generation in ECDSA.</li>
 <li>J&ouml;rg Eichhorn &lt;eichhorn&#064ponton-consulting.de&gt; - patch to fix EOF read on SharedFileInputStream, support for F2m compression.</li>
diff --git a/README.md b/README.md
index c44fe95ec7..621b5f4f86 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ The Legion also gratefully acknowledges the contributions made to this package b
 
 The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
 
-Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license. To view the license, [see here](https://www.bouncycastle.org/licence.html). The OpenPGP library also includes a modified BZIP2 library which is licensed under the [Apache Software License, Version 2.0](http://www.apache.org/licenses/). 
+Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license. To view the license, [see here](https://www.bouncycastle.org/licence.html). The OpenPGP library also includes a modified BZIP2 library which is licensed under the [Apache Software License, Version 2.0](https://www.apache.org/licenses/). 
 
 **Note**: this source tree is not the FIPS version of the APIs - if you are interested in our FIPS version please contact us directly at  [office@bouncycastle.org](mailto:office@bouncycastle.org).
 
diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java b/core/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
index 805a50640d..35e65f5062 100644
--- a/core/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
+++ b/core/src/main/java/org/bouncycastle/asn1/eac/EACObjectIdentifiers.java
@@ -5,7 +5,7 @@
 /**
  * German Federal Office for Information Security
  * (Bundesamt f&uuml;r Sicherheit in der Informationstechnik)
- * <a href="http://www.bsi.bund.de/">http://www.bsi.bund.de/</a>
+ * <a href="https://www.bsi.bund.de/">https://www.bsi.bund.de/</a>
  * <p>
  * <a href="https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html">BSI TR-03110</a>
  * Technical Guideline Advanced Security Mechanisms for Machine Readable Travel Documents
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
index 538a2d0cdd..2aed65f4a3 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
@@ -67,8 +67,8 @@
  * component namingAuthorityId are grouped under the OID-branch
  * id-isis-at-namingAuthorities and must be applied for.
  * <li>See
- * http://www.teletrust.de/anwend.asp?Id=30200&amp;Sprache=E_&amp;HomePG=0 for
- * an application form and http://www.teletrust.de/links.asp?id=30220,11
+ * https://www.teletrust.de/anwend.asp?Id=30200&amp;Sprache=E_&amp;HomePG=0 for
+ * an application form and https://www.teletrust.de/links.asp?id=30220,11
  * for an overview of registered naming authorities.
  * <li> By means of the data type ProfessionInfo certain professions,
  * specializations, disciplines, fields of activity, etc. are identified. A
diff --git a/core/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java b/core/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
index 5680b0bcc2..8d4a267d1f 100644
--- a/core/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
+++ b/core/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java
@@ -15,7 +15,7 @@
 
 /**
  * Elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation"
- * http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
+ * https://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt
  */
 public class TeleTrusTNamedCurves
 {
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/core/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
index f545d0b60b..18e056d3e9 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java
@@ -123,12 +123,12 @@ public class KeyPurposeId
 
 
     /**
-     * Microsoft Server Gated Crypto (msSGC) see http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.10.3.3.html
+     * Microsoft Server Gated Crypto (msSGC) see https://www.alvestrand.no/objectid/1.3.6.1.4.1.311.10.3.3.html
      */
     public static final KeyPurposeId id_kp_msSGC = new KeyPurposeId(new ASN1ObjectIdentifier("1.3.6.1.4.1.311.10.3.3"));
 
     /**
-     * Netscape Server Gated Crypto (nsSGC) see http://www.alvestrand.no/objectid/2.16.840.1.113730.4.1.html
+     * Netscape Server Gated Crypto (nsSGC) see https://www.alvestrand.no/objectid/2.16.840.1.113730.4.1.html
      */
     public static final KeyPurposeId id_kp_nsSGC = new KeyPurposeId(new ASN1ObjectIdentifier("2.16.840.1.113730.4.1"));
 
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java b/core/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java
index 18f9c61b03..2ef26bc109 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java
@@ -18,7 +18,7 @@
  *      subjectDomainPolicy     CertPolicyId }
  * </pre>
  *
- * @see <a href="http://www.faqs.org/rfc/rfc3280.txt">RFC 3280, section 4.2.1.6</a>
+ * @see <a href="https://www.faqs.org/rfc/rfc3280.txt">RFC 3280, section 4.2.1.6</a>
  */
 public class PolicyMappings
     extends ASN1Object
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java
index 20c81e688a..f79047a5e5 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/RIPEMD160Digest.java
@@ -5,7 +5,7 @@
 
 /**
  * implementation of RIPEMD see,
- * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * https://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
  */
 public class RIPEMD160Digest
     extends GeneralDigest
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
index 2899e305a6..e98af42e15 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/TigerDigest.java
@@ -5,8 +5,8 @@
 
 /**
  * implementation of Tiger based on:
- * <a href="http://www.cs.technion.ac.il/~biham/Reports/Tiger">
- *  http://www.cs.technion.ac.il/~biham/Reports/Tiger</a>
+ * <a href="https://www.cs.technion.ac.il/~biham/Reports/Tiger">
+ *  https://www.cs.technion.ac.il/~biham/Reports/Tiger</a>
  */
 public class TigerDigest
     implements ExtendedDigest, Memoable
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java
index 5ca239a6a2..852271f256 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/CamelliaWrapEngine.java
@@ -3,7 +3,7 @@
 /**
  * An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394.
  * <p>
- * For further details see: <a href="http://www.ietf.org/rfc/rfc3657.txt">http://www.ietf.org/rfc/rfc3657.txt</a>.
+ * For further details see: <a href="https://www.ietf.org/rfc/rfc3657.txt">https://www.ietf.org/rfc/rfc3657.txt</a>.
  */
 public class CamelliaWrapEngine
     extends RFC3394WrapEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
index 9db5b427be..c8a1cb3902 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
@@ -305,7 +305,7 @@ public byte[] unwrap(byte[] in, int inOff, int inLen)
      * - Compute the 20 octet SHA-1 hash on the key being wrapped.
      * - Use the first 8 octets of this hash as the checksum value.
      *
-     * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum.
+     * For details see https://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum.
      *
      * @param key the key to check,
      * @return the CMS checksum.
@@ -325,7 +325,7 @@ private byte[] calculateCMSKeyChecksum(
     }
 
     /**
-     * For details see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     * For details see https://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      *
      * @param key key to be validated.
      * @param checksum the checksum.
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
index 7d18d6235c..64c7836284 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java
@@ -12,12 +12,12 @@
  * generates keystream from a 128-bit secret key and a 128-bit initialization
  * vector.
  * <p>
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
  * </p><p>
  * It is a third phase candidate in the eStream contest, and is patent-free.
  * No attacks are known as of today (April 2007). See
  *
- * http://www.ecrypt.eu.org/stream/hcp3.html
+ * https://www.ecrypt.eu.org/stream/hcp3.html
  * </p>
  */
 public class HC128Engine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
index a74164aedc..b7fd5bab37 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java
@@ -12,13 +12,13 @@
  * generates keystream from a 256-bit secret key and a 256-bit initialization 
  * vector.
  * <p>
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
  * </p><p>
  * Its brother, HC-128, is a third phase candidate in the eStream contest.
  * The algorithm is patent-free. No attacks are known as of today (April 2007). 
  * See
  * 
- * http://www.ecrypt.eu.org/stream/hcp3.html
+ * https://www.ecrypt.eu.org/stream/hcp3.html
  * </p>
  */
 public class HC256Engine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
index d2dd265717..596cda3cec 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/ISAACEngine.java
@@ -9,7 +9,7 @@
 
 /**
  * Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count).
- * see: http://www.burtleburtle.net/bob/rand/isaacafa.html
+ * see: https://www.burtleburtle.net/bob/rand/isaacafa.html
 */
 public class ISAACEngine
     implements StreamCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java
index a5403fac27..dfeab15fb0 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/NaccacheSternEngine.java
@@ -2,7 +2,6 @@
 
 import java.math.BigInteger;
 import java.util.Vector;
-import org.bouncycastle.util.Arrays;
 
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
@@ -11,10 +10,11 @@
 import org.bouncycastle.crypto.params.NaccacheSternKeyParameters;
 import org.bouncycastle.crypto.params.NaccacheSternPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.util.Arrays;
 
 /**
  * NaccacheStern Engine. For details on this cipher, please see
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  */
 public class NaccacheSternEngine
     implements AsymmetricBlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
index 52bc031a4d..98208b4a8e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/RC2WrapEngine.java
@@ -351,7 +351,7 @@ public byte[] unwrap(byte[] in, int inOff, int inLen)
      * - Compute the 20 octet SHA-1 hash on the key being wrapped.
      * - Use the first 8 octets of this hash as the checksum value.
      *
-     * For details see  http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     * For details see  https://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      */
     private byte[] calculateCMSKeyChecksum(
         byte[] key)
@@ -367,7 +367,7 @@ private byte[] calculateCMSKeyChecksum(
     }
 
     /*
-     * For details see  http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
+     * For details see  https://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum
      */
     private boolean checkCMSKeyChecksum(
         byte[] key,
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java
index 9fb6f55018..d361d1da20 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/RC532Engine.java
@@ -8,7 +8,7 @@
 /**
  * The specification for RC5 came from the <code>RC5 Encryption Algorithm</code>
  * publication in RSA CryptoBytes, Spring of 1995. 
- * <em>http://www.rsasecurity.com/rsalabs/cryptobytes</em>.
+ * <em>https://www.rsasecurity.com/rsalabs/cryptobytes</em>.
  * <p>
  * This implementation has a word size of 32 bits.
  * <p>
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java
index 2121a4bcee..dd4cc65d75 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/RC564Engine.java
@@ -7,7 +7,7 @@
 /**
  * The specification for RC5 came from the <code>RC5 Encryption Algorithm</code>
  * publication in RSA CryptoBytes, Spring of 1995. 
- * <em>http://www.rsasecurity.com/rsalabs/cryptobytes</em>.
+ * <em>https://www.rsasecurity.com/rsalabs/cryptobytes</em>.
  * <p>
  * This implementation is set to work with a 64 bit word size.
  * <p>
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
index d2886e7202..e72f2b8a01 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/RFC3394WrapEngine.java
@@ -14,7 +14,7 @@
  * an implementation of the AES Key Wrapper from the NIST Key Wrap
  * Specification as described in RFC 3394.
  * <p>
- * For further details see: <a href="http://www.ietf.org/rfc/rfc3394.txt">http://www.ietf.org/rfc/rfc3394.txt</a>
+ * For further details see: <a href="https://www.ietf.org/rfc/rfc3394.txt">https://www.ietf.org/rfc/rfc3394.txt</a>
  * and  <a href="http://csrc.nist.gov/encryption/kms/key-wrap.pdf">http://csrc.nist.gov/encryption/kms/key-wrap.pdf</a>.
  */
 public class RFC3394WrapEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java
index 5b65b00cd6..54a358856f 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/SEEDWrapEngine.java
@@ -3,7 +3,7 @@
 /**
  * An implementation of the SEED key wrapper based on RFC 4010/RFC 3394.
  * <p>
- * For further details see: <a href="http://www.ietf.org/rfc/rfc4010.txt">http://www.ietf.org/rfc/rfc4010.txt</a>.
+ * For further details see: <a href="https://www.ietf.org/rfc/rfc4010.txt">https://www.ietf.org/rfc/rfc4010.txt</a>.
  */
 public class SEEDWrapEngine
     extends RFC3394WrapEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
index 4a20ea41a0..63bac69658 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
@@ -10,7 +10,7 @@
  * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
  * candidate algorithm for the NIST AES Quest.
  * <p>
- * For full details see <a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">The Serpent home page</a>
+ * For full details see <a href="https://www.cl.cam.ac.uk/~rja14/serpent.html">The Serpent home page</a>
  */
 public final class SerpentEngine
     extends SerpentEngineBase
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/TnepresEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/TnepresEngine.java
index a34e01624a..a59f455392 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/TnepresEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/TnepresEngine.java
@@ -12,7 +12,7 @@
  * with test vectors in the AES submission and the resulting confusion lead to the Tnepres cipher
  * as well, which is a byte swapped version of Serpent.
  * <p>
- * For full details see <a href="http://www.cl.cam.ac.uk/~rja14/serpent.html">The Serpent home page</a>
+ * For full details see <a href="https://www.cl.cam.ac.uk/~rja14/serpent.html">The Serpent home page</a>
  */
 public final class TnepresEngine
     extends SerpentEngineBase
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc128Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc128Engine.java
index 9ee3f08ede..9c2f447d60 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc128Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc128Engine.java
@@ -4,7 +4,7 @@
 
 /**
  * Zuc256 implementation.
- * Based on http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
+ * Based on https://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
  */
 public final class Zuc128Engine
     extends Zuc128CoreEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256CoreEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256CoreEngine.java
index c0c90c6c1f..c42a72ef3a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256CoreEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256CoreEngine.java
@@ -4,7 +4,7 @@
 
 /**
  * Zuc256 implementation.
- * Based on http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
+ * Based on https://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
  */
 public class Zuc256CoreEngine
     extends Zuc128CoreEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256Engine.java
index 2e5853ae18..c80610c675 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/Zuc256Engine.java
@@ -4,7 +4,7 @@
 
 /**
  * Zuc256 implementation.
- * Based on http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
+ * Based on https://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
  */
 public final class Zuc256Engine
     extends Zuc256CoreEngine
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java
index 7d4b90b3fe..3ab1742b5f 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java
@@ -15,7 +15,7 @@
 /**
  * Key generation parameters for NaccacheStern cipher. For details on this cipher, please see
  * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  */
 public class NaccacheSternKeyPairGenerator 
     implements AsymmetricCipherKeyPairGenerator 
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java
index d9b82c323e..eb2756de42 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java
@@ -11,7 +11,7 @@
  * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0.
  * <p>
  * The document this implementation is based on can be found at
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html>
  * RSA's PKCS12 Page</a>
  */
 public class PKCS12ParametersGenerator
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java
index 1c62eccc23..758a3f9adb 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java
@@ -12,7 +12,7 @@
  * digest used to drive it.
  * <p>
  * The document this implementation is based on can be found at
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
  * RSA's PKCS5 Page</a>
  */
 public class PKCS5S1ParametersGenerator
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
index 383872fb60..4799248d62 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
@@ -14,7 +14,7 @@
  * This generator uses a SHA-1 HMac as the calculation function.
  * <p>
  * The document this implementation is based on can be found at
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
  * RSA's PKCS5 Page</a>
  */
 public class PKCS5S2ParametersGenerator
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/Zuc128Mac.java b/core/src/main/java/org/bouncycastle/crypto/macs/Zuc128Mac.java
index d50669ce37..199ac23faf 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/Zuc128Mac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/Zuc128Mac.java
@@ -6,7 +6,7 @@
 
 /**
  * Zuc128 Mac implementation.
- * Based on http://www.qtc.jp/3GPP/Specs/eea3eia3specificationv16.pdf
+ * Based on https://www.qtc.jp/3GPP/Specs/eea3eia3specificationv16.pdf
  */
 public final class Zuc128Mac
     implements Mac
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/Zuc256Mac.java b/core/src/main/java/org/bouncycastle/crypto/macs/Zuc256Mac.java
index 6d45b1f5a3..26313d5310 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/Zuc256Mac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/Zuc256Mac.java
@@ -6,7 +6,7 @@
 
 /**
  * Zuc256 Mac implementation.
- * Based on http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
+ * Based on https://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf
  */
 public final class Zuc256Mac
     implements Mac
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
index 3bb275b83d..18efa0a290 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
@@ -15,7 +15,7 @@
  * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and
  * Efficiency - by M. Bellare, P. Rogaway, D. Wagner.
  *
- * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
+ * https://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
  *
  * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block
  * cipher to encrypt and authenticate data. It's on-line (the length of a
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/G3413CBCBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/G3413CBCBlockCipher.java
index 97ba1f9b10..ca1973634d 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/G3413CBCBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/G3413CBCBlockCipher.java
@@ -8,7 +8,7 @@
 
 /**
  * An implementation of the CBC mode for GOST 3412 2015 cipher.
- * See  <a href="http://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
+ * See  <a href="https://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
  */
 public class G3413CBCBlockCipher
     implements BlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/G3413CFBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/G3413CFBBlockCipher.java
index 34afce2101..c356437219 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/G3413CFBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/G3413CFBBlockCipher.java
@@ -9,7 +9,7 @@
 
 /**
  * An implementation of the CFB mode for GOST 3412 2015 cipher.
- * See  <a href="http://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
+ * See  <a href="https://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
  */
 public class G3413CFBBlockCipher
     extends StreamBlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/G3413OFBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/G3413OFBBlockCipher.java
index 148f382082..a9a0faf172 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/G3413OFBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/G3413OFBBlockCipher.java
@@ -9,7 +9,7 @@
 
 /**
  * An implementation of the OFB mode for GOST 3412 2015 cipher.
- * See  <a href="http://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
+ * See  <a href="https://www.tc26.ru/standard/gost/GOST_R_3413-2015.pdf">GOST R 3413 2015</a>
  */
 public class G3413OFBBlockCipher
     extends StreamBlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
index 9a484fe6fe..c6641fc250 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
@@ -16,7 +16,7 @@
  * An implementation of <a href="https://tools.ietf.org/html/rfc7253">RFC 7253 on The OCB
  * Authenticated-Encryption Algorithm</a>, licensed per:
  * <p>
- * <blockquote> <a href="http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf">License for
+ * <blockquote> <a href="https://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf">License for
  * Open-Source Software Implementations of OCB</a> (Jan 9, 2013) &mdash; &ldquo;License 1&rdquo; <br>
  * Under this license, you are authorized to make, use, and distribute open-source software
  * implementations of OCB. This license terminates for you if you sue someone over their open-source
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java
index 8ae1588a85..99f96b2130 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java
@@ -11,7 +11,7 @@
  * to the data stream already, and just accomodates the reset after
  * (blockSize + 2) bytes have been read.
  * <p>
- * For further info see <a href="http://www.ietf.org/rfc/rfc2440.html">RFC 2440</a>.
+ * For further info see <a href="https://www.ietf.org/rfc/rfc2440.html">RFC 2440</a>.
  */
 public class OpenPGPCFBBlockCipher
     implements BlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java
index 72f68caaae..b9739a0cb6 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java
@@ -7,7 +7,7 @@
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
 /**
- * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode on top of a simple cipher. For further info see <a href="http://www.ietf.org/rfc/rfc2440.html">RFC 2440</a>.
+ * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode on top of a simple cipher. For further info see <a href="https://www.ietf.org/rfc/rfc2440.html">RFC 2440</a>.
  */
 public class PGPCFBBlockCipher
     implements BlockCipher
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
index 5bee3604f2..061d134f6f 100644
--- a/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
@@ -52,7 +52,7 @@ public DESParameters(
      * if the given DES key material is weak or semi-weak.
      * Key material that is too short is regarded as weak.
      * <p>
-     * See <a href="http://www.counterpane.com/applied.html">"Applied
+     * See <a href="https://www.counterpane.com/applied.html">"Applied
      * Cryptography"</a> by Bruce Schneier for more information.
      *
      * @return true if the given DES key material is weak or semi-weak,
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java
index 758fcd79b7..ace103bbe1 100644
--- a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java
@@ -8,7 +8,7 @@
  * Parameters for NaccacheStern public private key generation. For details on
  * this cipher, please see
  * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  */
 public class NaccacheSternKeyGenerationParameters extends KeyGenerationParameters
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java
index 21b6a286d0..329bdde1ad 100644
--- a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java
@@ -6,7 +6,7 @@
  * Public key parameters for NaccacheStern cipher. For details on this cipher,
  * please see
  * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  */
 public class NaccacheSternKeyParameters extends AsymmetricKeyParameter
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java
index 6d0ec48682..a2d73fa825 100644
--- a/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java
@@ -7,7 +7,7 @@
  * Private key parameters for NaccacheStern cipher. For details on this cipher,
  * please see
  * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  */
 public class NaccacheSternPrivateKeyParameters extends NaccacheSternKeyParameters 
 {
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
index 19bf802426..e7ddae2d5f 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigner.java
@@ -10,8 +10,8 @@
 /**
 * Signs, verifies data and generates key pairs.
 * @deprecated the NTRUSigner algorithm was broken in 2012 by Ducas and Nguyen. See
-* <a href="http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf">
-* http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf</a>
+* <a href="https://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf">
+* https://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf</a>
 * for details.
 */
 public class NTRUSigner
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.java
index 36b20331a3..68a96041fb 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.java
@@ -9,7 +9,7 @@
  * This class implements elements of finite binary fields <i>GF(2<sup>n</sup>)</i>
  * using polynomial representation. For more information on the arithmetic see
  * for example IEEE Standard 1363 or <a
- * href=http://www.certicom.com/research/online.html> Certicom online-tutorial</a>.
+ * href=https://www.certicom.com/research/online.html> Certicom online-tutorial</a>.
  *
  * @see "GF2nField"
  * @see GF2nPolynomialField
diff --git a/core/src/test/data/rfc4134/rfc4134.txt b/core/src/test/data/rfc4134/rfc4134.txt
index a53cec5e16..9aa176ba9b 100644
--- a/core/src/test/data/rfc4134/rfc4134.txt
+++ b/core/src/test/data/rfc4134/rfc4134.txt
@@ -7596,7 +7596,7 @@ Intellectual Property
    attempt made to obtain a general license or permission for the use of
    such proprietary rights by implementers or users of this
    specification can be obtained from the IETF on-line IPR repository at
-   http://www.ietf.org/ipr.
+   https://www.ietf.org/ipr.
 
    The IETF invites any interested party to bring to its attention any
    copyrights, patents or patent applications, or other proprietary
diff --git a/core/src/test/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java b/core/src/test/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java
index 053a81b51b..6d96971e3e 100644
--- a/core/src/test/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java
+++ b/core/src/test/java/org/bouncycastle/asn1/test/EncryptedPrivateKeyInfoTest.java
@@ -14,7 +14,7 @@
 /**
  * Test the reading and writing of EncryptedPrivateKeyInfo objects using
  * the test vectors provided at
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
  * RSA's PKCS5 Page</a>.
  * <br>
  * The vectors are Base 64 encoded and encrypted using the password "password"
diff --git a/core/src/test/java/org/bouncycastle/asn1/test/X500NameTest.java b/core/src/test/java/org/bouncycastle/asn1/test/X500NameTest.java
index 74df61a9cb..1f8f7ec689 100644
--- a/core/src/test/java/org/bouncycastle/asn1/test/X500NameTest.java
+++ b/core/src/test/java/org/bouncycastle/asn1/test/X500NameTest.java
@@ -39,7 +39,7 @@ public class X500NameTest
        "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
        "O=Sun Microsystems Inc,CN=store.sun.com",
        "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com",
-       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET http://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
+       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET https://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
        "O=Bouncy Castle,CN=www.bouncycastle.org\\ ",
        "O=Bouncy Castle,CN=c:\\\\fred\\\\bob",
        "C=0,O=1,OU=2,T=3,CN=4,SERIALNUMBER=5,STREET=6,SERIALNUMBER=7,L=8,ST=9,SURNAME=10,GIVENNAME=11,INITIALS=12," +
diff --git a/core/src/test/java/org/bouncycastle/asn1/test/X509NameTest.java b/core/src/test/java/org/bouncycastle/asn1/test/X509NameTest.java
index c20588d382..9281fe3666 100644
--- a/core/src/test/java/org/bouncycastle/asn1/test/X509NameTest.java
+++ b/core/src/test/java/org/bouncycastle/asn1/test/X509NameTest.java
@@ -40,7 +40,7 @@ public class X509NameTest
        "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
        "O=Sun Microsystems Inc,CN=store.sun.com",
        "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com",
-       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET http://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
+       "CN=*.canal-plus.com,OU=Provided by TBS INTERNET https://www.tbs-certificats.com/,OU=\\ CANAL \\+,O=CANAL\\+DISTRIBUTION,L=issy les moulineaux,ST=Hauts de Seine,C=FR",
        "O=Bouncy Castle,CN=www.bouncycastle.org\\ ",
        "O=Bouncy Castle,CN=c:\\\\fred\\\\bob"
     };
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/BlowfishTest.java b/core/src/test/java/org/bouncycastle/crypto/test/BlowfishTest.java
index 757788edb5..a31088371b 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/BlowfishTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/BlowfishTest.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * blowfish tester - vectors from http://www.counterpane.com/vectors.txt
+ * blowfish tester - vectors from https://www.counterpane.com/vectors.txt
  */
 public class BlowfishTest
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/CAST5Test.java b/core/src/test/java/org/bouncycastle/crypto/test/CAST5Test.java
index c651d87381..2ec1fb236b 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/CAST5Test.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/CAST5Test.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * cast tester - vectors from http://www.ietf.org/rfc/rfc2144.txt
+ * cast tester - vectors from https://www.ietf.org/rfc/rfc2144.txt
  */
 public class CAST5Test
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/CAST6Test.java b/core/src/test/java/org/bouncycastle/crypto/test/CAST6Test.java
index ef035a5d87..4e29b19f58 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/CAST6Test.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/CAST6Test.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * cast6 tester - vectors from http://www.ietf.org/rfc/rfc2612.txt
+ * cast6 tester - vectors from https://www.ietf.org/rfc/rfc2612.txt
  */
 public class CAST6Test
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/CMacTest.java b/core/src/test/java/org/bouncycastle/crypto/test/CMacTest.java
index 47160e7ca2..bf81f69638 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/CMacTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/CMacTest.java
@@ -18,7 +18,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * CMAC tester - <a href="http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/tv/omac1-tv.txt">Official Test Vectors</a>.
+ * CMAC tester - <a href="https://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/tv/omac1-tv.txt">Official Test Vectors</a>.
  */
 public class CMacTest
     extends SimpleTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/DESTest.java b/core/src/test/java/org/bouncycastle/crypto/test/DESTest.java
index 08056fc46f..58a061534c 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/DESTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/DESTest.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.test;
 
+import java.security.SecureRandom;
+
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
@@ -12,8 +14,6 @@
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
 
-import java.security.SecureRandom;
-
 class DESParityTest
     extends SimpleTest
 {
@@ -151,7 +151,7 @@ public void performTest() throws Exception
 }
 
 /**
- * DES tester - vectors from <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIPS 81</a>
+ * DES tester - vectors from <a href=https://www.itl.nist.gov/fipspubs/fip81.htm>FIPS 81</a>
  */
 public class DESTest
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ECGOST3410Test.java b/core/src/test/java/org/bouncycastle/crypto/test/ECGOST3410Test.java
index 291c305645..b9e55e37ee 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/ECGOST3410Test.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/ECGOST3410Test.java
@@ -100,7 +100,7 @@ private void ecGOST3410_TEST()
 
     /**
      * Test Sign & Verify with test parameters
-     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * see: https://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
      * gostR3410-2001-TestParamSet  P.46
      */
     private void ecGOST3410_TestParam()
@@ -157,7 +157,7 @@ private void ecGOST3410_TestParam()
 
     /**
      * Test Sign & Verify with A parameters
-     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * see: https://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
      * gostR3410-2001-CryptoPro-A-ParamSet  P.47
      */
     public void ecGOST3410_AParam()
@@ -207,7 +207,7 @@ public void ecGOST3410_AParam()
 
     /**
      * Test Sign & Verify with B parameters
-     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * see: https://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
      * gostR3410-2001-CryptoPro-B-ParamSet  P.47-48
      */
     private void ecGOST3410_BParam()
@@ -257,7 +257,7 @@ private void ecGOST3410_BParam()
 
     /**
      * Test Sign & Verify with C parameters
-     * see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
+     * see: https://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
      * gostR3410-2001-CryptoPro-C-ParamSet  P.48
      */
     private void ecGOST3410_CParam()
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyTest.java b/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyTest.java
index 5604d9ccee..75083322cd 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyTest.java
@@ -12,8 +12,8 @@
  * HC-128 and HC-256 Tests. Based on the test vectors in the official reference
  * papers, respectively:
  * <pre>
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
  * </pre>
  * See HCFamilyVecTest for a more exhaustive test based on the ecrypt vectors.
  */
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java b/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java
index 51247e6a38..fd66f61848 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/HCFamilyVecTest.java
@@ -19,8 +19,8 @@
  * HC-128 and HC-256 Tests. Based on the test vectors in the official reference
  * papers, respectively:
  * 
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
- * http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf
+ * https://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf
  */
 public class HCFamilyVecTest
     extends SimpleTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ISAACTest.java b/core/src/test/java/org/bouncycastle/crypto/test/ISAACTest.java
index 02319a38bf..7a940af1c9 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/ISAACTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/ISAACTest.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * ISAAC Test - see http://www.burtleburtle.net/bob/rand/isaacafa.html
+ * ISAAC Test - see https://www.burtleburtle.net/bob/rand/isaacafa.html
  */
 public class ISAACTest
     extends SimpleTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/KeccakDigestTest.java b/core/src/test/java/org/bouncycastle/crypto/test/KeccakDigestTest.java
index fc566d3be9..22d6146c70 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/KeccakDigestTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/KeccakDigestTest.java
@@ -66,7 +66,7 @@ public class KeccakDigestTest
         "3e122edaf37398231cfaca4c7c216c9d66d5b899ec1d7ac617c40c7261906a45fc01617a021e5da3bd8d4182695b5cb785a28237cbb167590e34718e56d8aab8"
     };
 
-    // test vectors from  http://www.di-mgt.com.au/hmac_sha3_testvectors.html
+    // test vectors from  https://www.di-mgt.com.au/hmac_sha3_testvectors.html
     final static byte[][] macKeys =
     {
         Hex.decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/MacTest.java b/core/src/test/java/org/bouncycastle/crypto/test/MacTest.java
index 5b05a60807..d5e26c2891 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/MacTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/MacTest.java
@@ -5,16 +5,16 @@
 import org.bouncycastle.crypto.engines.DESEngine;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+import org.bouncycastle.crypto.paddings.PKCS7Padding;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.crypto.paddings.PKCS7Padding;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
  * MAC tester - vectors from 
- * <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIP 81</a> and 
- * <a href=http://www.itl.nist.gov/fipspubs/fip113.htm>FIP 113</a>.
+ * <a href=https://www.itl.nist.gov/fipspubs/fip81.htm>FIP 81</a> and 
+ * <a href=https://www.itl.nist.gov/fipspubs/fip113.htm>FIP 113</a>.
  */
 public class MacTest
     extends SimpleTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/NaccacheSternTest.java b/core/src/test/java/org/bouncycastle/crypto/test/NaccacheSternTest.java
index 56e0e301a2..f85b231c91 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/NaccacheSternTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/NaccacheSternTest.java
@@ -17,7 +17,7 @@
 /**
  * Test case for NaccacheStern cipher. For details on this cipher, please see
  * 
- * http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
+ * https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf
  *
  * Performs the following tests: 
  *  <ul>
@@ -91,7 +91,7 @@ public class NaccacheSternTest
         decryptEng.setDebug(debug);
 
         // First the Parameters from the NaccacheStern Paper
-        // (see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf )
+        // (see https://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf )
 
         smallPrimes.addElement(u1);
         smallPrimes.addElement(u2);
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/PKCS12Test.java b/core/src/test/java/org/bouncycastle/crypto/test/PKCS12Test.java
index c5c7aa343c..a5402aeae0 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/PKCS12Test.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/PKCS12Test.java
@@ -13,8 +13,8 @@
 
 /**
  * test for PKCS12 key generation - vectors from 
- * <a href=http://www.drh-consultancy.demon.co.uk/test.txt>
- * http://www.drh-consultancy.demon.co.uk/test.txt</a>
+ * <a href=https://www.drh-consultancy.demon.co.uk/test.txt>
+ * https://www.drh-consultancy.demon.co.uk/test.txt</a>
  */
 public class PKCS12Test
     implements Test
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/PKCS5Test.java b/core/src/test/java/org/bouncycastle/crypto/test/PKCS5Test.java
index 6145114e83..994d020872 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/PKCS5Test.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/PKCS5Test.java
@@ -6,7 +6,6 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.EncryptionScheme;
-import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
 import org.bouncycastle.asn1.pkcs.PBES2Parameters;
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -29,7 +28,7 @@
 /**
  * A test class for PKCS5 PBES2 with PBKDF2 (PKCS5 v2.0) using
  * test vectors provider at 
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html>
  * RSA's PKCS5 Page</a>
  * <br>
  * The vectors are Base 64 encoded and encrypted using the password "password"
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/SCryptTest.java b/core/src/test/java/org/bouncycastle/crypto/test/SCryptTest.java
index 4922407be5..334d676c35 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/SCryptTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/SCryptTest.java
@@ -12,7 +12,7 @@
 
 /*
  * scrypt test vectors from "Stronger Key Derivation Via Sequential Memory-hard Functions" Appendix B.
- * (http://www.tarsnap.com/scrypt/scrypt.pdf)
+ * (https://www.tarsnap.com/scrypt/scrypt.pdf)
  */
 public class SCryptTest
     extends SimpleTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/SEEDTest.java b/core/src/test/java/org/bouncycastle/crypto/test/SEEDTest.java
index 4aa955b2a7..e1b1831b05 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/SEEDTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/SEEDTest.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * SEED tester - vectors http://www.ietf.org/rfc/rfc4009.txt
+ * SEED tester - vectors https://www.ietf.org/rfc/rfc4009.txt
  */
 public class SEEDTest
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/TEATest.java b/core/src/test/java/org/bouncycastle/crypto/test/TEATest.java
index 98b0ec9a62..0f05237447 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/TEATest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/TEATest.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * TEA tester - based on C implementation results from http://www.simonshepherd.supanet.com/tea.htm
+ * TEA tester - based on C implementation results from https://www.simonshepherd.supanet.com/tea.htm
  */
 public class TEATest
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/XTEATest.java b/core/src/test/java/org/bouncycastle/crypto/test/XTEATest.java
index 2b5279e940..33fa0f6a84 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/XTEATest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/XTEATest.java
@@ -6,7 +6,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * TEA tester - based on C implementation results from http://www.simonshepherd.supanet.com/tea.htm
+ * TEA tester - based on C implementation results from https://www.simonshepherd.supanet.com/tea.htm
  */
 public class XTEATest
     extends CipherTest
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ZucTest.java b/core/src/test/java/org/bouncycastle/crypto/test/ZucTest.java
index c973333b75..872f84983a 100644
--- a/core/src/test/java/org/bouncycastle/crypto/test/ZucTest.java
+++ b/core/src/test/java/org/bouncycastle/crypto/test/ZucTest.java
@@ -17,7 +17,7 @@
 /**
  * Test Cases for Zuc128 and Zuc256.
  * Test Vectors taken from https://www.gsma.com/aboutus/wp-content/uploads/2014/12/eea3eia3zucv16.pdf for Zuc128
- * and http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf for Zuc256.
+ * and https://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf for Zuc256.
  */
 public class ZucTest
     extends SimpleTest
diff --git a/docs/releasenotes.html b/docs/releasenotes.html
index c06992a683..5f8582e87d 100644
--- a/docs/releasenotes.html
+++ b/docs/releasenotes.html
@@ -1972,7 +1972,7 @@ <h3>2.57.2 Defects Fixed</h3>
 <h3>2.57.3 Additional Functionality and Features</h3>
 <ul>
     <li>The AESWrap ciphers will now take IV's.
-    <li>The DES-EDEWrap algorithm described in http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt is now supported.
+    <li>The DES-EDEWrap algorithm described in https://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt is now supported.
     <li>Support for the ExtendedKeyUsageExtension and the KeyPurposeId has been added.
     <li>The OID based alias for DSA has been added to the JCE provider.
     <li>BC key stores now implement the BCKeyStore interface so you can provide your own source of randomness to a key store.
diff --git a/docs/specifications.html b/docs/specifications.html
index dd44426fd9..3e1d2bb816 100644
--- a/docs/specifications.html
+++ b/docs/specifications.html
@@ -23,7 +23,7 @@ <h2>1.0 Introduction</h2>
 based on the MIT X 
 Consortium license.  To view the license, see <a href="./LICENSE.html">here</a>.
 The OpenPGP library also includes a modified BZIP2 library which
-is licensed under the <a href="http://www.apache.org/licenses/">Apache Software License, Version 2.0</a>.
+is licensed under the <a href="https://www.apache.org/licenses/">Apache Software License, Version 2.0</a>.
 
 <p>
 If you have the full package you will have six jar files, bcprov*.jar
@@ -58,7 +58,7 @@ <h2>2.0 Patents</h2>
 <p>
 The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in:
 <pre>
-<a href="http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
+<a href="https://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">https://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
 </pre>
 We state, where EC MQV has not otherwise been disabled or removed:</br />
 
@@ -1066,7 +1066,7 @@ <h3>7.0 BouncyCastle S/MIME</h3>
 package (including the test classes) you need the jar files for
 the following APIs.
 <ul>
-<li>Junit - <a href="http://www.junit.org">http://www.junit.org</a></li>
+<li>Junit - <a href="https://www.junit.org">https://www.junit.org</a></li>
 <li>JavaMail - <a href="http://java.sun.com/products/javamail/index.html">http://java.sun.com/products/javamail/index.html</a></li>
 <li>The Java Activation Framework - <a href="http://java.sun.com/products/javabeans/glasgow/jaf.html">http://java.sun.com/products/javabeans/glasgow/jaf.html</a></li>
 </ul>
diff --git a/index.html b/index.html
index e78072d2d6..226cdc5443 100644
--- a/index.html
+++ b/index.html
@@ -20,7 +20,7 @@ <h1>The Bouncy Castle Crypto Package</h1>
 <p>
 The Legion also gratefully acknowledges the contributions made to this
 package by others (see <a href=CONTRIBUTORS.html>here</a>
-for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our <a href="https://www.bouncycastle.org/donate">donations page</a>, sponsor some specific work, or purchase a support contract through <a href="http://www.cryptoworkshop.com">Crypto Workshop</a>.
+for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our <a href="https://www.bouncycastle.org/donate">donations page</a>, sponsor some specific work, or purchase a support contract through <a href="https://www.cryptoworkshop.com">Crypto Workshop</a>.
 </p>
 <p>
 The package is organised so that it 
@@ -29,7 +29,7 @@ <h1>The Bouncy Castle Crypto Package</h1>
 to conform the algorithms to the JCE framework.
 </p>
 <p>
-Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license.  To view the license, <a href="./LICENSE.html">see here</a>. The OpenPGP library also includes a modified BZIP2 library which is licensed under the <a href="http://www.apache.org/licenses/">Apache Software License, Version 2.0</a>.
+Except where otherwise stated, this software is distributed under a license based on the MIT X Consortium license.  To view the license, <a href="./LICENSE.html">see here</a>. The OpenPGP library also includes a modified BZIP2 library which is licensed under the <a href="https://www.apache.org/licenses/">Apache Software License, Version 2.0</a>.
 </p>
 <p>
 The current release notes for this package are
@@ -68,7 +68,7 @@ <h2>Examples and Tests</h2>
 			<li><p><b>org.bouncycastle.x509.examples</b>
 		</ul>
 
-		<p>Finally there are also code <a href="http://www.wiley.com/WileyCDA/WileyAncillary/productCd-0764596330.html">examples</a> from <a href="http://www.amazon.com/exec/obidos/redirect?path=ASIN/0764596330&amp;link_code=as2&amp;camp=1789&amp;tag=bouncycastleo-20&amp;creative=9325">Beginning Cryptography with Java</a> which demonstrate both the use of the JCE/JCA and also some of the Bouncy Castle APIs.</p>
+		<p>Finally there are also code <a href="https://www.wiley.com/WileyCDA/WileyAncillary/productCd-0764596330.html">examples</a> from <a href="https://www.amazon.com/exec/obidos/redirect?path=ASIN/0764596330&amp;link_code=as2&amp;camp=1789&amp;tag=bouncycastleo-20&amp;creative=9325">Beginning Cryptography with Java</a> which demonstrate both the use of the JCE/JCA and also some of the Bouncy Castle APIs.</p>
 <p>
 <b>Note 1:</b>The JCE classes are only distributed with the JDK 1.1, JDK 1.2, and JDK 1.3 JCE releases. The
 JDK 1.0, J2ME, and the JDK 1.1, JDK 1.2, JDK 1.3, JDK 1.4, and JDK 1.5 lightweight releases only include the
@@ -103,7 +103,7 @@ <h2>Mailing Lists</h2>
 <b>NOTE:</b>You need to be subscribed to send mail to the above
 mailing list.
 <p>
-If you want to provide feedback, directly to the members of <b>The Legion</b> then please use <a href="mailto:feedback-crypto@bouncycastle.org">feedback-crypto@bouncycastle.org</a>, if you want to help this project survive please consider <a href="https://www.bouncycastle.org/donate">donating</a> or getting a <a href="http://www.cryptoworkshop.com">support contract</a>.
+If you want to provide feedback, directly to the members of <b>The Legion</b> then please use <a href="mailto:feedback-crypto@bouncycastle.org">feedback-crypto@bouncycastle.org</a>, if you want to help this project survive please consider <a href="https://www.bouncycastle.org/donate">donating</a> or getting a <a href="https://www.cryptoworkshop.com">support contract</a>.
 <p>
 Enjoy!
 </body>
diff --git a/jce/src/main/java/javax/crypto/spec/PBEParameterSpec.java b/jce/src/main/java/javax/crypto/spec/PBEParameterSpec.java
index 2f714ea9e6..a741383e0f 100644
--- a/jce/src/main/java/javax/crypto/spec/PBEParameterSpec.java
+++ b/jce/src/main/java/javax/crypto/spec/PBEParameterSpec.java
@@ -4,7 +4,7 @@
 
 /**
  * This class specifies the set of parameters used with password-based encryption (PBE), as defined in the
- * <a href="http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-5.html">PKCS #5</a> standard.
+ * <a href="https://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-5.html">PKCS #5</a> standard.
  */
 public class PBEParameterSpec
     implements AlgorithmParameterSpec
diff --git a/jce/src/main/java/javax/crypto/spec/PSource.java b/jce/src/main/java/javax/crypto/spec/PSource.java
index 03016e1f2d..10bc92749b 100644
--- a/jce/src/main/java/javax/crypto/spec/PSource.java
+++ b/jce/src/main/java/javax/crypto/spec/PSource.java
@@ -2,7 +2,7 @@
 
 /**
  * This class specifies the source for encoding input P in OAEP Padding, as
- * defined in the {@link http://www.ietf.org/rfc/rfc3447.txt PKCS #1} standard.
+ * defined in the {@link https://www.ietf.org/rfc/rfc3447.txt PKCS #1} standard.
  * 
  * <pre>
  *  
diff --git a/jce/src/main/java/javax/crypto/spec/RC2ParameterSpec.java b/jce/src/main/java/javax/crypto/spec/RC2ParameterSpec.java
index bea52516d3..ee8ac14847 100644
--- a/jce/src/main/java/javax/crypto/spec/RC2ParameterSpec.java
+++ b/jce/src/main/java/javax/crypto/spec/RC2ParameterSpec.java
@@ -4,7 +4,7 @@
 
 /**
  * This class specifies the parameters used with the
- * <a href="http://www.rsa.com/rsalabs/newfaq/q75.html"><i>RC2</i></a>
+ * <a href="https://www.rsa.com/rsalabs/newfaq/q75.html"><i>RC2</i></a>
  * algorithm.
  * <p>
  * The parameters consist of an effective key size and optionally
diff --git a/jce/src/main/java/javax/crypto/spec/RC5ParameterSpec.java b/jce/src/main/java/javax/crypto/spec/RC5ParameterSpec.java
index a34c645b46..bb0b665074 100644
--- a/jce/src/main/java/javax/crypto/spec/RC5ParameterSpec.java
+++ b/jce/src/main/java/javax/crypto/spec/RC5ParameterSpec.java
@@ -4,7 +4,7 @@
 
 /**
  * This class specifies the parameters used with the
- *  <a href="http://www.rsa.com/rsalabs/newfaq/q76.html"><i>RC5</i></a>
+ *  <a href="https://www.rsa.com/rsalabs/newfaq/q76.html"><i>RC5</i></a>
  *  algorithm.
  *  <p>
  *  The parameters consist of a version number, a rounds count, a word
@@ -12,7 +12,7 @@
  *  <p>
  *  This class can be used to initialize a <code>Cipher</code> object that
  *  implements the <i>RC5</i> algorithm as supplied by
- *  <a href="http://www.rsa.com">RSA Data Security, Inc.</a> (RSA DSI),
+ *  <a href="https://www.rsa.com">RSA Data Security, Inc.</a> (RSA DSI),
  *  or any parties authorized by RSA DSI.
  */
 public class RC5ParameterSpec
diff --git a/mail/src/test/resources/org/bouncycastle/mail/smime/test/multi-alternative.eml b/mail/src/test/resources/org/bouncycastle/mail/smime/test/multi-alternative.eml
index b60a7aba55..7996c9734c 100644
--- a/mail/src/test/resources/org/bouncycastle/mail/smime/test/multi-alternative.eml
+++ b/mail/src/test/resources/org/bouncycastle/mail/smime/test/multi-alternative.eml
@@ -121,7 +121,7 @@ naturefile/comment</b></font>
 </tr></table>
 <br><br><br><!-- trailer -->
 <font face=3D"Verdana,Arial,Helvetica" size=3D"-2">
---&nbsp;<br>autogenerated email by <a href=3D"http://www.aktif-technology.c=
+--&nbsp;<br>autogenerated email by <a href=3D"https://www.aktif-technology.c=
 om">AKTIF</a>-EDIService (aedic.sm).
 Please do not respond to this emailaddress.</font>
 </body></html>
diff --git a/pg/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java b/pg/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java
index e86bdeeb8d..c8b82e96a6 100644
--- a/pg/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java
+++ b/pg/src/main/java/org/bouncycastle/apache/bzip2/BZip2Constants.java
@@ -6,7 +6,7 @@
  * (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java b/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java
index 08d05e7dfa..6ac129b55e 100644
--- a/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java
+++ b/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2InputStream.java
@@ -6,7 +6,7 @@
  * (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,8 +23,8 @@
  */
 package org.bouncycastle.apache.bzip2;
 
-import java.io.InputStream;
 import java.io.IOException;
+import java.io.InputStream;
 
 /**
  * An input stream that decompresses from the BZip2 format (with the file
diff --git a/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java b/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java
index e98a91cc85..509b162c3c 100644
--- a/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java
+++ b/pg/src/main/java/org/bouncycastle/apache/bzip2/CBZip2OutputStream.java
@@ -6,7 +6,7 @@
  * (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -24,8 +24,8 @@
 
 package org.bouncycastle.apache.bzip2;
 
-import java.io.OutputStream;
 import java.io.IOException;
+import java.io.OutputStream;
 
 /**
  * An output stream that compresses into the BZip2 format (with the file
diff --git a/pg/src/main/java/org/bouncycastle/apache/bzip2/CRC.java b/pg/src/main/java/org/bouncycastle/apache/bzip2/CRC.java
index ce03d288e2..1b90a72f45 100644
--- a/pg/src/main/java/org/bouncycastle/apache/bzip2/CRC.java
+++ b/pg/src/main/java/org/bouncycastle/apache/bzip2/CRC.java
@@ -6,7 +6,7 @@
  * (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPKeyRingTest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
index 1e5e47b435..d79dac86f7 100644
--- a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
+++ b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
@@ -1148,7 +1148,7 @@ public class PGPKeyRingTest
         "POOoD7oxdRmJSU5hSspOCHrCwCa3");
 
 
-    // Key from http://www.angelfire.com/pr/pgpf/pgpoddities.html
+    // Key from https://www.angelfire.com/pr/pgpf/pgpoddities.html
     private static final char[] v3KeyPass = "test@key.test".toCharArray();
 
     private static final byte[] pubv3 = Base64.decode(
diff --git a/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPKeyRingTest.java b/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
index 92e6343d7f..b05c3f23c9 100644
--- a/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
+++ b/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPKeyRingTest.java
@@ -1129,7 +1129,7 @@ public class PGPKeyRingTest
         "POOoD7oxdRmJSU5hSspOCHrCwCa3");
 
 
-    // Key from http://www.angelfire.com/pr/pgpf/pgpoddities.html
+    // Key from https://www.angelfire.com/pr/pgpf/pgpoddities.html
     private static final char[] v3KeyPass = "test@key.test".toCharArray();
 
     private static final byte[] pubv3 = Base64.decode(
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/cmp/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/cmp/package.html
index a58af189be..b01e408527 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/cmp/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/cmp/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 Basic support package for handling and creating CMP (RFC 4210) certificate management messages.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/jcajce/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/jcajce/package.html
index e9bc53fd71..b8b14eeb1c 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/jcajce/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/jcajce/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 JCA extensions to the CRMF online certificate request package.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/package.html
index 521fc44065..e9992c4657 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/crmf/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 Basic support package for handling and creating CRMF (RFC 4211) certificate request messages.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/jcajce/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/jcajce/package.html
index cc15e01abc..96667c3f32 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/jcajce/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/jcajce/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 JCA extensions to the certificate building and processing package.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/jcajce/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/jcajce/package.html
index cfe87f22a8..b9e5cae4ea 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/jcajce/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/jcajce/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 JCA extensions to the OCSP online certificate status package.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/package.html
index 234cb327e3..4d2bd5ee2a 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/ocsp/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 Basic support package for handling and creating OCSP (RFC 2560) online certificate status requests.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/cert/selector/package.html b/pkix/src/main/javadoc/org/bouncycastle/cert/selector/package.html
index c5c421106c..4eaa5ad892 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/cert/selector/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/cert/selector/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 Specialised Selector classes for certificates, CRLs, and attribute certificates.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/pkcs/bc/package.html b/pkix/src/main/javadoc/org/bouncycastle/pkcs/bc/package.html
index bb47e1a09b..cb085598e0 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/pkcs/bc/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/pkcs/bc/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 BC lightweight API extensions and operators for the PKCS#10 certification request package.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/pkcs/jcajce/package.html b/pkix/src/main/javadoc/org/bouncycastle/pkcs/jcajce/package.html
index 5305be4e2b..d95908424c 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/pkcs/jcajce/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/pkcs/jcajce/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 JCA extensions and operators for the PKCS#10 certification request package.
diff --git a/pkix/src/main/javadoc/org/bouncycastle/pkcs/package.html b/pkix/src/main/javadoc/org/bouncycastle/pkcs/package.html
index c83de7cfdd..b93d1defd3 100644
--- a/pkix/src/main/javadoc/org/bouncycastle/pkcs/package.html
+++ b/pkix/src/main/javadoc/org/bouncycastle/pkcs/package.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-        "http://www.w3.org/TR/html4/loose.dtd">
+        "https://www.w3.org/TR/html4/loose.dtd">
 <html>
 <body bgcolor="#ffffff">
 Basic support package for handling and creating PKCS#10 certification requests, PKCS#8 encrypted keys and PKCS#12 keys stores.
diff --git a/pkix/src/test/resources/org/bouncycastle/mime/test/multi-alternative.eml b/pkix/src/test/resources/org/bouncycastle/mime/test/multi-alternative.eml
index b60a7aba55..7996c9734c 100644
--- a/pkix/src/test/resources/org/bouncycastle/mime/test/multi-alternative.eml
+++ b/pkix/src/test/resources/org/bouncycastle/mime/test/multi-alternative.eml
@@ -121,7 +121,7 @@ naturefile/comment</b></font>
 </tr></table>
 <br><br><br><!-- trailer -->
 <font face=3D"Verdana,Arial,Helvetica" size=3D"-2">
---&nbsp;<br>autogenerated email by <a href=3D"http://www.aktif-technology.c=
+--&nbsp;<br>autogenerated email by <a href=3D"https://www.aktif-technology.c=
 om">AKTIF</a>-EDIService (aedic.sm).
 Please do not respond to this emailaddress.</font>
 </body></html>
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java b/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java
index a17362533b..509e76fc95 100644
--- a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java
+++ b/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java
@@ -24,7 +24,7 @@
  * use it (it won't be staying around).
  * <p>
  * The document this implementation is based on can be found at
- * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html>
+ * <a href=https://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html>
  * RSA's PKCS12 Page</a>
  */
 class OldPKCS12ParametersGenerator
diff --git a/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java b/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
index 68e450e5ee..7ee660fcb4 100644
--- a/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
+++ b/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java
@@ -56,7 +56,7 @@
  * </p><p>
  * For the used schemes see:
  * <ul>
- * <li><a href="http://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a>
+ * <li><a href="https://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a>
  * <li><a
  * href="http://www3.ietf.org/proceedings/01mar/I-D/pkix-ldap-schema-01.txt">Internet
  * X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs</a>
diff --git a/prov/src/main/jdk1.4/org/bouncycastle/x509/util/LDAPStoreHelper.java b/prov/src/main/jdk1.4/org/bouncycastle/x509/util/LDAPStoreHelper.java
index 325b424fc7..ed91ddc227 100644
--- a/prov/src/main/jdk1.4/org/bouncycastle/x509/util/LDAPStoreHelper.java
+++ b/prov/src/main/jdk1.4/org/bouncycastle/x509/util/LDAPStoreHelper.java
@@ -56,7 +56,7 @@
  * </p><p>
  * For the used schemes see:
  * <ul>
- * <li><a href="http://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a>
+ * <li><a href="https://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a>
  * <li><a
  * href="http://www3.ietf.org/proceedings/01mar/I-D/pkix-ldap-schema-01.txt">Internet
  * X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs</a>
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/CMacTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/CMacTest.java
index e9702e6b85..5bd9346813 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/CMacTest.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/CMacTest.java
@@ -12,7 +12,7 @@
 import org.bouncycastle.util.test.SimpleTest;
 
 /**
- * CMAC tester - <a href="http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/tv/omac1-tv.txt">AES Official Test Vectors</a>.
+ * CMAC tester - <a href="https://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/tv/omac1-tv.txt">AES Official Test Vectors</a>.
  */
 public class CMacTest
     extends SimpleTest
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/FIPSDESTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/FIPSDESTest.java
index 5a599879b7..80024d458a 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/FIPSDESTest.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/FIPSDESTest.java
@@ -23,7 +23,7 @@
 
 /**
  * basic FIPS test class for a block cipher, just to make sure ECB/CBC/OFB/CFB are behaving
- * correctly. Tests from <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIPS 81</a>.
+ * correctly. Tests from <a href=https://www.itl.nist.gov/fipspubs/fip81.htm>FIPS 81</a>.
  */
 public class FIPSDESTest
     implements Test
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/MacTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/MacTest.java
index d011eb712f..4ec93754b7 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/MacTest.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/MacTest.java
@@ -13,8 +13,8 @@
 
 /**
  * MAC tester - vectors from 
- * <a href=http://www.itl.nist.gov/fipspubs/fip81.htm>FIP 81</a> and 
- * <a href=http://www.itl.nist.gov/fipspubs/fip113.htm>FIP 113</a>.
+ * <a href=https://www.itl.nist.gov/fipspubs/fip81.htm>FIP 81</a> and 
+ * <a href=https://www.itl.nist.gov/fipspubs/fip113.htm>FIP 113</a>.
  */
 public class MacTest
     extends SimpleTest
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXTest.java
index 99d21b0be2..7e83817e5c 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXTest.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/PKIXTest.java
@@ -18,7 +18,7 @@ public class PKIXTest
 {
     /*
      * The following certs and crls are described in:
-     * http://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-08.txt
+     * https://www.ietf.org/internet-drafts/draft-ietf-pkix-new-part1-08.txt
      *
      *   This section contains four examples: three certificates and a CRL.
      *   The first two certificates and the CRL comprise a minimal
@@ -150,8 +150,8 @@ public class PKIXTest
         * (g)  the certificate is an end entity certificate (not a CA
         * certificate);
         * (h)  the certificate includes an alternative subject name of
-     *    "<http://www.itl.nist.gov/div893/staff/polk/index.html>" and an
-        * alternative issuer name of "<http://www.nist.gov/>" - both are URLs;
+     *    "<https://www.itl.nist.gov/div893/staff/polk/index.html>" and an
+        * alternative issuer name of "<https://www.nist.gov/>" - both are URLs;
         * (i)  the certificate include an authority key identifier extension
         * and a certificate policies extension psecifying the policy OID
         * 2.16.840.1.101.3.2.1.48.9; and
diff --git a/tls/docs/GnuTLSSetup.html b/tls/docs/GnuTLSSetup.html
index 079d2932c6..be72efa7cf 100644
--- a/tls/docs/GnuTLSSetup.html
+++ b/tls/docs/GnuTLSSetup.html
@@ -1,10 +1,10 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+    "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="https://www.w3.org/1999/xhtml">
 <body>
 <h3>Instructions for setting up a GnuTLS server for use with DTLSClientTest, TlsClientTest.</h3>
 <ul>
-<li> Download GnuTLS from http://www.gnutls.org/download.html
+<li> Download GnuTLS from https://www.gnutls.org/download.html
 
 <li> Unpack to folder and add ${GNUTLS_HOME}/bin to PATH
 
@@ -25,6 +25,6 @@ <h3>Instructions for setting up a GnuTLS server for use with DTLSClientTest, Tls
 </ul>
 </li>
 </ul>
-<p> Further information in GnuTLS documentation at <a href="http://www.gnutls.org/documentation.html">http://www.gnutls.org/documentation.html</a> see "7.2. Invoking gnutls-serv", section titled "gnutls-serv Examples" if you want to generate your own keys and certificates.</p>
+<p> Further information in GnuTLS documentation at <a href="https://www.gnutls.org/documentation.html">https://www.gnutls.org/documentation.html</a> see "7.2. Invoking gnutls-serv", section titled "gnutls-serv Examples" if you want to generate your own keys and certificates.</p>
 </body>
 </html>
diff --git a/tls/docs/OpenSSLSetup.html b/tls/docs/OpenSSLSetup.html
index 06d2a00e8c..b8f9f9f994 100644
--- a/tls/docs/OpenSSLSetup.html
+++ b/tls/docs/OpenSSLSetup.html
@@ -1,6 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+    "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="https://www.w3.org/1999/xhtml">
 <body>
 <h3>Instructions for setting up an OpenSSL server for use with DTLSClientTest, DTLSServerTest, TlsClientTest, TlsServerTest.</h3>