tomaswolf commented on issue #590: URL: https://github.com/apache/mina-sshd/issues/590#issuecomment-2323044461
(Off-topic) Just noticed: using the bc-fips JAR in an OSGi environment might be difficult. I don't see any OSGi headers in the MANIFEST.MF. Plus the version number is unrelated to the normal BC. (BC also has LTS versions of the regular bundles that again use different version numbers, which might also pose some challenges in OSGi.) The general idea in PR #591 is that the `BouncyCastleSecurityRegistrar` should simply work with either, normal BC or BCFIPS. BTW; in https://github.com/jenkinsci/mina-sshd-api-plugin/pull/114/files#diff-9f68200faaabb5a0022f5eaa9de98ae4f9136bb2b6a766d698b8bc47203ad698R48 I notice two things: 1. A typo in the package name. 2. bc-fips does not have any native code, so its AES implementation is Java-only. SunJCE has a native AES implementation that is much faster. You probably also want to enable the `org.apache.sshd.common.util.security.SunJCESecurityProviderRegistrar` (name "SunJCEWrapper") to use the SunJCE AES (if that is FIPS compliant). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
