[security] Recommendation about using BouncyCastle ?

Hi,

This is a question for Eclipse Security Team. (I don't know if this is the right place for this kind of question)

Do you have any recommendation about using Bouncy Castle in a Java Project ?
(This is mainly about having a more complete support of DTLS / TLS, default SunJCE provider has several lack like no PSK support)

Is it OK to use it ? or is it not safe enough ?

On my side I found that :

• https://en.wikipedia.org/wiki/Comparison_of_cryptography_libraries#FIPS_140
• https://security.stackexchange.com/questions/148418/is-it-safe-to-use-java-bouncycastle-cryptography-in-production-environment-over

If you have any opinion about it, thanks to share it 🙏

Oh also, I have a vague memories about IP issues with Bouncy Castles, is it still true ? @wbeaton