Bug 1269336 - Replace Bouncycastle with NSS
Replace Bouncycastle with NSS
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Security (Show other bugs)
Unspecified Linux
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: satellite6-bugs
Katello QA List
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2015-10-07 00:07 EDT by Jesse P. Johnson
Modified: 2017-04-19 08:51 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-04-19 08:51:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jesse P. Johnson 2015-10-07 00:07:02 EDT
Description of problem:

Bouncycastle is an SSL encryption library that deviates from ongoing downstream / upstream efforts to standardize PKI. The intended effort is to ensure that RHEL and other Red Hat products are standards compliant. The preferred crypto library for Red Hat products is Mozilla NSS to provide FIPS compliance. Currently, Satellite 5.7 can be configured to run FIPS compliant.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. katello-installer
2. rpm -qa | grep bouncycastle

Actual results:

Expected results:

Additional info:
https://fedorahosted.org/penrose/ - Penrose was a product acquired by Red Hat to provide federated identity which used bouncycastle and discontinued due to DISA disapproval.
Comment 4 Tomer Brisker 2016-11-06 10:01:00 EST
It seems that this has been resolved already by 6.2, moving to ON_QA for verification.
Comment 5 Tomer Brisker 2017-04-19 08:51:50 EDT
I am going to close this as CURRENTRELEASE. Satellite 6.2.9 does not ship with bouncy castle. If you feel this is in error, please reopen and provide further information.

Note You need to log in before you can comment on or make changes to this bug.