Support and FIPS FAQ
What is the end-of-life policy for Bouncy Castle Releases?
At the moment we treat any release more than 4 years old as "end of lifed". The age of a particular release is taken from the end of the calendar year in which the release was made.
We do keep archives of all releases and are willing to provide patches for those on a consulting basis if required. If you are using an old BC release it is worth bearing in mind that in addition to bug fixes and addtions to the APIs, some new releases of the Bouncy Castle libraries are done for security reasons and also productivity reasons (as in when we find a simpler, and hopefully less error prone, way of getting a particular job done, we normally role it in). For these reasons alone it is worth periodically migrating to new versions of the APIs. Advice related to migrating to a more recent release of the Bouncy Castle APIs is included as part of regular support and does not decrease available consulting time.
I've got a test system, development system and a disaster recovery system, do I need a separate support agreement for each?
No. One agreement will cover all of them.
Is there a limit on the number of incidents that can be reported under a support contract?
No. We do not currently have a limit on the number of incidents, none of our existing clients have abused this to date, so we do not expect to introduce one in the forseeable future either.
Do support contracts include any consulting time?
Yes. At the moment a Bronze level support contract includes 10 hours of consulting time, with a Gold level one offering up to 100 hours. Additional consulting time can be purchased if required on an ad-hoc basis at a reduced rate. Please note unused consulting time does not accumulate between contracts, unused time is donated back to the Bouncy Castle project.
I am interested in FIPS. Do support contracts include early access to the FIPS APIs?
Yes. Holders of Bouncy Castle support contracts also qualify for early access to the Bouncy Castle FIPS APIs.
I am interested in FIPS. If my application is using the FIPS APIs is it FIPS compliant?
Generally the answer to this is yes, providing your application is using the FIPS API according to the security policy provided for the FIPS module. We are happy to review your usage of the API to certify this is the case. Depending on the size of the code using encryption this may even take less than 10 hours so if you are support contract holder and this is the only task you need done by us, it is likely no extra costs will be incurred. Please feel free to contact us for further details.