ppalaga commented on code in PR #6241: URL: https://github.com/apache/camel-quarkus/pull/6241#discussion_r1671965464
########## extensions/crypto/runtime/src/main/doc/usage.adoc: ########## @@ -0,0 +1,23 @@ +=== FIPS + +When running `crypto` extension on FIPS enabled system the BC-FIPS has to be utilized. Review Comment: I think that now after the module split, the statement "BC-FIPS has to be utilized" is too strong. I would say "any FIPS-compliant Java Security Provider (such as BC-FIPS) hast to be used instead of `bcprov`" is right as of Camel 4.7.0. Actually I wonder, whether there is any reason (beyond backwards compatibility) NOT to remove BC from the Crypto component in Camel? The Camel crypto module not only compiles but also its tests are passing after the removal of all BC dependencies. `SunJCE` provider might be just fine for the basic usage. Note that I have not looked whether the tests perform some real crypto-operations, but I strongly hope so. If we remove BC from the crypto component, then the component should keep working out of the box also on FIPS enabled systems, no? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
