[SERVER-3135] Bump BouncyCastle to at least 1.70 (FOSS) - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 7.6.1, SERVER 6.19.0
Component/s: Puppet Server
Labels:
- docs_reviewed

Team:
Froyo
Story Points:
2
Sprint:
Froyo - 2/2/2022

Release Notes:
Enhancement
Release Notes Summary:
Puppet Server now ships with Bouncy Castle 1.70, which has improved TLS 1.3 support.

QA Risk Assessment:
Needs Assessment

Description

We're currently using BC 1.68 which came out around a year ago. We should update to BC 1.70 which just came out. 1.70 contains TLS v1.3 & ECDSA bug fixes which we think we'll start seeing more of now that we've enabled TLS v1.3 by default.

This ticket includes:

update jvm-ssl-utils to test that there's not regressions (there are potentially backwards incompatible changes in 1.69).
ensure the new utils jar that they've split out is pulled in transitively from the artifact ids and if not explicitly declaring a dependency on the new utils jar.
verify the new utils jar is properly removed by the "provided" profile
update clj-parent once we've verified it doesn't break jvm-ssl-utils and puppetserver (puppetserver testing is p art of the clj-parent bump process)
ensure puppetserver is updated to the new clj-parent (should be automatic)
let PDB know that they should be using the new version

Attachments

Activity

People

Assignee:: Maggie Dreyer

Reporter:: Justin Stoller

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021/12/06 11:58 AM

Updated:: 2022/03/15 11:04 AM

Resolved:: 2022/02/01 8:10 AM