This is a great improvement for our most security conscious deployments, @Tamás Hanicz <[email protected]> !
+1

On Tue, Jul 29, 2025 at 2:28 PM Phil Zampino <[email protected]> wrote:

> I agree that Knox users who operate in FIPS environments with this
> BouncyCastle library will benefit from this improvement.
> Ideally, it would be fixed in the BouncyCastle library itself, but it has
> remained as it is for quite some time now. Thank you for implementing a
> good workaround.
>
> - Phil
>
> On Tue, Jul 29, 2025 at 10:47 AM Sandor Molnar <[email protected]> wrote:
>
> > Hi Tamas!
> >
> > First of all, thank you for all your contributions you made in the Knox
> > project so far!
> >
> > I strongly believe this PR is a great help for such users who are working
> > in FIPS environments, and would save them debugging/testing hours/days if
> > they run into the same issue.
> >
> > Knox, being a security component, should support FIPS as a generic feature
> > and this work is a great addition to achieve this goal.
> >
> > This is a +1 from me (LGTM; ship it).
> >
> > Sandor
> >
> > On 2025/07/29 14:34:57 Tamás Hanicz wrote:
> > > Hey Folks,
> > >
> > > I've opened a PR <https://github.com/apache/knox/pull/1065> a few days ago
> > > regarding a BouncyCastle issue that I encountered on a FIPS cluster. If
> > > this particular provider is loaded it tries to write to already closed
> > > connections resulting in a SocketException: (Broken Pipe). I added more
> > > details in the JIRA <https://issues.apache.org/jira/browse/KNOX-3172>.
> > > The solution would only load if a specific FIPS java opt is present. I
> > > believe this can be a great addition to Knox. If other community members
> > > encounter the same issue in the future this can unblock them.
> > >
> > > Does anyone have any suggestions?
> > >
> > > Regards, Tamas
