Red Hat Bugzilla – Bug 1269336
Replace Bouncycastle with NSS
Last modified: 2017-04-19 08:51:50 EDT
Description of problem: Bouncycastle is an SSL encryption library that deviates from ongoing downstream / upstream efforts to standardize PKI. The intended effort is to ensure that RHEL and other Red Hat products are standards compliant. The preferred crypto library for Red Hat products is Mozilla NSS to provide FIPS compliance. Currently, Satellite 5.7 can be configured to run FIPS compliant. Version-Release number of selected component (if applicable): ALL How reproducible: Always Steps to Reproduce: 1. katello-installer 2. rpm -qa | grep bouncycastle Actual results: /etc/rhsm/ca Expected results: /etc/pki/rhsm/ca Additional info: https://www.redhat.com/en/about/blog/red-hat-launches-red-hat-satellite-57 https://www.redhat.com/en/about/press-releases/red-hat-completes-fips-1402-certifications https://fedoraproject.org/wiki/Features/SharedSystemCertificates https://fedoraproject.org/wiki/FedoraCryptoConsolidation https://fedorahosted.org/penrose/ - Penrose was a product acquired by Red Hat to provide federated identity which used bouncycastle and discontinued due to DISA disapproval.
It seems that this has been resolved already by 6.2, moving to ON_QA for verification.
I am going to close this as CURRENTRELEASE. Satellite 6.2.9 does not ship with bouncy castle. If you feel this is in error, please reopen and provide further information.