I’ve noticed that OpenFire is distributed with a BouncyCastle jar.
Does OpenFire use BouncyCastle for cryptographic operations?
Or is it using the Java Cryptographic Extension?
BouncyCastle is not yet an approved FIPS 140-2 cryptographic module and would therefore make OpenFire unsuitable for environments with this requirement.
Can anyone provide clarification on which cryptographic provider is performing encryption within OpenFire?