I agree that Knox users who operate in FIPS environments with this BouncyCastle library will benefit from this improvement. Ideally, it would be fixed in the BouncyCastle library itself, but it has remained as it is for quite some time now. Thank you for implementing a good workaround.
- Phil On Tue, Jul 29, 2025 at 10:47 AM Sandor Molnar <[email protected]> wrote: > Hi Tamas! > > First of all, thank you for all your contributions you made in the Knox > project so far! > > I strongly believe this PR is a great help for such users who are working > in FIPS environments, and would save them debugging/testing hours/days if > they run into the same issue. > > Knox, being a security component, should support FIPS as a generic feature > and this work is a great addition to achieve this goal. > > This is a +1 from me (LGTM; ship it). > > Sandor > > On 2025/07/29 14:34:57 Tamás Hanicz wrote: > > Hey Folks, > > > > I've opened a PR <https://github.com/apache/knox/pull/1065>a few days > ago > > regarding a BouncyCastle issue that I encountered on a FIPS cluster. If > > this particular provider is loaded it tries to write to already closed > > connections resulting in a SocketException: (Broken Pipe). I added more > > details in the JIRA <https://issues.apache.org/jira/browse/KNOX-3172>. > > The solution would only load if a specific FIPS java opt is present. I > > believe this can be a great addition to Knox. If other community members > > encounter the same issue in the future this can unblock them. > > > > Does anyone have any suggestions? > > > > Regards, Tamas > > >
