jiazhai opened a new issue #10937:
URL: https://github.com/apache/pulsar/issues/10937


   **Describe the bug**
   In [bookkeeper # 2631](https://github.com/apache/bookkeeper/pull/2631), the default BouncyCastle was changed from the non-fips to the fips version. But the default version of BouncyCastle in Pulsar is the [non-fips](https://github.com/apache/pulsar/blob/v2.8.0/pulsar-client/pom.xml#L56) one (aimed to make it compatible with the old version of Pulsar).
   
   Bouncy Castle provides both FIPS and non-FIPS versions, but a JVM cannot include both of the 2 versions (non-Fips and Fips), and we have to exclude the current version before including the other. This makes backward compatibility a little hard, and that's why Pulsar has to involve an individual module for [Bouncy Castle](https://pulsar.apache.org/docs/en/security-bouncy-castle).
   
   Pulsar excluded the dependencies of [bookkeeper-server's BouncyCastle](https://github.com/eolivelli/pulsar/blob/2de612791f0334fe469e8e0a58e291358af77cdb/pom.xml#L303) in Pulsar's pom file, and Pulsar only includes the non-fips version, but the bookkeeper-server still wants to use the hard-coded [fips version](https://github.com/Ghatage/bookkeeper/blob/fe45f8f52ba24706ba9b9226b73953b93ef3cefa/bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java#L63) in [bookkeeper # 2631](https://github.com/apache/bookkeeper/pull/2631).
   
   And if we want to start BookKeeper with TLS enabled through Pulsar's binary, 
it will meet the following error:
   ```
   Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/jcajce/provider/BouncyCastleFipsProvider
        at java.base/java.lang.Class.forName0(Native Method)
        at java.base/java.lang.Class.forName(Class.java:315)
        at org.apache.bookkeeper.common.util.ReflectionUtils.forName(ReflectionUtils.java:49)
        at org.apache.bookkeeper.tls.SecurityProviderFactoryFactory.getSecurityProviderFactory(SecurityProviderFactoryFactory.java:39)
        at org.apache.bookkeeper.proto.BookieServer.<init>(BookieServer.java:129)
        at org.apache.bookkeeper.server.service.BookieService.<init>(BookieService.java:52)
        at org.apache.bookkeeper.server.Main.buildBookieServer(Main.java:304)
        at org.apache.bookkeeper.server.Main.doMain(Main.java:226)
        at org.apache.bookkeeper.server.Main.main(Main.java:208)
   Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
        ... 9 more
   ```
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. Use Pulsar 2.8.0.
   2. Start BookKeeper through `bin/pulsar bookie`, with [TLS enabled](https://bookkeeper.apache.org/docs/latest/security/tls/).
   
   **Expected behavior**
   By using `bin/pulsar bookie`, the BookKeeper server should be able to start successfully.
   BK should not hard-code the fips version of Bouncy Castle; it should have an option to use the non-fips version to make it compatible.
   
   **Additional context**
   We may need to provide the fix in the BookKeeper side first, and then change 
the dependency of bookkeeper version in Pulsar.
   


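A classpath probe for the conflict described in the issue, added here as an illustration; it is not code from Pulsar, BookKeeper, or the issue author. The class name `BcProviderProbe` and its methods are hypothetical, the FIPS class name comes from the stack trace above, and `org.bouncycastle.jce.provider.BouncyCastleProvider` is the provider class of the non-FIPS Bouncy Castle artifacts.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class): reports which Bouncy Castle flavor is loadable
// and instantiates whichever one is present instead of assuming a fixed flavor.
public class BcProviderProbe {
    // Class name taken from the NoClassDefFoundError in the issue.
    static final String FIPS = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";
    // Provider class of the non-FIPS Bouncy Castle artifacts.
    static final String NON_FIPS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    /** Returns the candidate provider class names that the given loader can resolve. */
    static List<String> available(ClassLoader loader) {
        List<String> found = new ArrayList<>();
        for (String name : new String[] {FIPS, NON_FIPS}) {
            try {
                // initialize=false: test for presence only, run no static initializers.
                Class.forName(name, false, loader);
                found.add(name);
            } catch (ClassNotFoundException | LinkageError e) {
                // This flavor is absent or not loadable; try the next one.
            }
        }
        return found;
    }

    /** Instantiates the first loadable provider; fails clearly when none is present. */
    static Provider load(ClassLoader loader) throws ReflectiveOperationException {
        List<String> found = available(loader);
        if (found.isEmpty()) {
            throw new ClassNotFoundException("no Bouncy Castle provider on the classpath");
        }
        if (found.size() > 1) {
            System.err.println("WARNING: FIPS and non-FIPS Bouncy Castle are both present");
        }
        return (Provider) Class.forName(found.get(0), true, loader)
                .getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = BcProviderProbe.class.getClassLoader();
        System.out.println("Loadable providers: " + available(loader));
        try {
            Provider p = load(loader);
            Security.addProvider(p);
            System.out.println("Registered provider " + p.getName());
        } catch (ClassNotFoundException e) {
            System.out.println("TLS setup would fail: " + e.getMessage());
        }
    }
}
```

Run it with the same classpath the bookie process uses; an empty list, or a list containing only the flavor the server code does not ask for, matches the failure in the stack trace.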