Openfire 4.4.4 is not starting with bouncycastle fips provider

Openfire 4.4.4 version is not starting with bouncycastlefips provider.

Below are the security providers I used for openfire

security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider BCFIPS
security.provider.3=com.rsa.jsafe.provider.JsafeJCE
security.provider.4=sun.security.provider.Sun
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.rsa.jsse.JsseProvider

Also used below jar files in the classpath
bcprov-jdk15on-165.jar, bc-fips-1.0.2.jar, bctls-jdk15on-164.jar, bcpkix-jdk15on-1.63.jar

In the openfire code there is default initialization of BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider) in org.jivesoftware.util.AesEncryptor. It seems due to this only bouncycastlejsse and fips are not working.

There is no error found in any of the logs.

Is there any way to start openfire with those security providers?

Is there a plan to address this issue?

There are no plans that I know of to make the security providers used by Openfire configurable. Can you motivate the request? I'm interested in the use cases for this.

Hi @guus, how about a user who wants to configure a FIPS-compliant security provider such as bc-fips?

I have raised a new ticket in our issue tracker for this: [OF-2593] - Ignite Realtime Jira

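For readers checking a setup like the one in the first post, the following is an added example (not code from the thread or from Openfire) that prints the JVM's effective provider order, shows which jar supplies each provider class named above, and reports which provider answers an unqualified lookup. The registered names BCFIPS, BCJSSE and BC and the two sample algorithms are assumptions; run it with the same JVM, java.security file and classpath as the server.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class ProviderAudit {
    public static void main(String[] args) {
        // Effective provider order for this JVM (java.security plus any runtime additions).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.printf("%d. %-8s %s%n", i + 1, installed[i].getName(),
                    installed[i].getClass().getName());
        }
        // Registered names are assumptions based on Bouncy Castle's usual naming.
        for (String name : new String[] {"BCFIPS", "BCJSSE", "BC"}) {
            System.out.printf("%s registered: %b%n", name, Security.getProvider(name) != null);
        }
        // Which jar supplies each provider class named in the thread.
        origin("org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider");
        origin("org.bouncycastle.jsse.provider.BouncyCastleJsseProvider");
        origin("org.bouncycastle.jce.provider.BouncyCastleProvider");
        // Which provider wins an unqualified lookup (sample algorithms, chosen for illustration).
        try {
            System.out.println("AES/CBC/PKCS5Padding -> "
                    + Cipher.getInstance("AES/CBC/PKCS5Padding").getProvider().getName());
            System.out.println("SSLContext TLS -> "
                    + SSLContext.getInstance("TLS").getProvider().getName());
        } catch (Exception e) {
            System.out.println("lookup failed: " + e);
        }
    }

    static void origin(String className) {
        try {
            Class<?> c = Class.forName(className);
            java.security.CodeSource src = c.getProtectionDomain().getCodeSource();
            System.out.println(className + " <- " + (src == null ? "(bootstrap)" : src.getLocation()));
        } catch (ClassNotFoundException | LinkageError e) {
            System.out.println(className + " not loadable: " + e);
        }
    }
}
```

Run stand-alone, this reflects only the static configuration; providers that application code registers at runtime appear only when the same calls are made inside that process.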