[security] Recommendation about using BouncyCastle ?
Hi,
This is a question for Eclipse Security Team. (I don't know if this is the right place for this kind of question)
Do you have any recommendation about using Bouncy Castle in a Java Project ?
(This is mainly about having a more complete support of DTLS / TLS, default SunJCE provider has several lack like no PSK support)
Is it OK to use it ? or is it not safe enough ?
On my side I found that :
- https://en.wikipedia.org/wiki/Comparison_of_cryptography_libraries#FIPS_140
- https://security.stackexchange.com/questions/148418/is-it-safe-to-use-java-bouncycastle-cryptography-in-production-environment-over
If you have any opinion about it, thanks to share it
Oh also, I have a vague memories about IP issues with Bouncy Castles, is it still true ? @wbeaton