eolivelli commented on issue #961: ZOOKEEPER-3404. Downgrade BouncyCastle to 1.60 URL: https://github.com/apache/zookeeper/pull/961#issuecomment-496307315 As we are using BC only for tests it is okay to downgrade in order to make tests more stable. btw if we have these problems now someday we will see them again when we will need to upgrade. Aren't we using BC only for generating certs and keys ? it is not used by the runtime. BC comes with its own Security Providers, **I am afraid that it not polluting the classpath during tests** executions. The JVM (Javax Crypto) selects Security Providers by using what is on the classpath. **It is a problem if during tests execution we are using a Security Provider that it is not used in production.** We should add debug in every security-related utility and dump which Security Provider is in use. In order to be sure about the security provider we are using every Javax Crypto utility has a way to force the provider without using auto discovery. We should also add Netty (Google) Boring SSL library in order to be sure about the SSL implementation we are using. Unfortunately we are not using Netty yet on server to server communication, as so I guess we are more fragile in this Security Provider selection. cc @enixon
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services