[
https://issues.apache.org/jira/browse/DIRSERVER-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479161#comment-17479161
]
Emmanuel Lécharny commented on DIRSERVER-2363:
----------------------------------------------
This is not simple...
BC-FIPS is currently only for java 7, java 8 and java 11. I don't mind using
this for those java versions, but what about Java 15 which we are supposed to
support ?
More important: the reason we have used BC was it offered some convenient
function to generate the needed certificates. I'm pretty sure we can do the
exact same with the JDK. I would take this road if needed.
> Use FIPS-compliant Bouncy Castle
> --------------------------------
>
> Key: DIRSERVER-2363
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2363
> Project: Directory ApacheDS
> Issue Type: Improvement
> Reporter: Andrew Watson
> Priority: Major
>
> *org.apache.directory.server* is currently using a non-FIPS compliant Bouncy
> Castle
> [https://en.wikipedia.org/wiki/FIPS_140]
> See here, for example
> [https://github.com/apache/directory-server/blob/master/core/src/main/java/org/apache/directory/server/core/security/TlsKeyGenerator.java#L54]
> It would be helpful if FIPS compliance could be introduced here (for projects
> looking to achieve FIPS compliance and which uptake
> {*}org.apache.directory.server{*}), in part by moving to the FIPS-compliant
> {*}org.bouncycastle:bc-fips{*}.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
