[ https://issues.apache.org/jira/browse/DIRSERVER-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479161#comment-17479161 ]
Emmanuel Lécharny commented on DIRSERVER-2363: ---------------------------------------------- This is not simple... BC-FIPS is currently only for java 7, java 8 and java 11. I don't mind using this for those java versions, but what about Java 15 which we are supposed to support ? More important: the reason we have used BC was it offered some convenient function to generate the needed certificates. I'm pretty sure we can do the exact same with the JDK. I would take this road if needed. > Use FIPS-compliant Bouncy Castle > -------------------------------- > > Key: DIRSERVER-2363 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2363 > Project: Directory ApacheDS > Issue Type: Improvement > Reporter: Andrew Watson > Priority: Major > > *org.apache.directory.server* is currently using a non-FIPS compliant Bouncy > Castle > [https://en.wikipedia.org/wiki/FIPS_140] > See here, for example > [https://github.com/apache/directory-server/blob/master/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java#L54] > It would be helpful if FIPS compliance could be introduced here (for projects > looking to achieve FIPS compliance and which uptake > {*}org.apache.directory.server{*}), in part by moving to the FIPS-compliant > {*}org.bouncycastle:bc-fips{*}. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org