Support and FIPS FAQ
What is the end-of-life policy for Bouncy Castle Releases?
At the moment we treat any release more than 4 years old as "end of lifed". The age of a particular release is taken from the end of the calendar year in which the release was made.
We do keep archives of all releases and are willing to provide patches for those on a consulting basis if required. If you are using an old BC release it is worth bearing in mind that in addition to bug fixes and addtions to the APIs, some new releases of the Bouncy Castle libraries are done for security reasons and also productivity reasons (as in when we find a simpler, and hopefully less error prone, way of getting a particular job done, we normally role it in). For these reasons alone it is worth periodically migrating to new versions of the APIs. Advice related to migrating to a more recent release of the Bouncy Castle APIs is included as part of regular support and does not decrease available consulting time.
What support contracts are offered?
Our contracts come in 3 classes: Bronze, Enterprise and Enterprise Combined. Bronze and Enterprise cover either Java or C# with different levels of support. Enterprise Combined provides Enterprise level support for both the Java and C# together.
I've got a test system, development system and a disaster recovery system, do I need a separate support agreement for each?
No. One agreement will cover all of them.
Is there a limit on the number of incidents that can be reported under a support contract?
No. We do not currently have a limit on the number of incidents, none of our existing clients have abused this to date, so we do not expect to introduce one in the forseeable future either.
How many named contacts can I have with a support contract?
Currently a Bronze level support agreement includes 2 nominated contacts from your organisation. Enterprise level agreements allows for named contacts to be domain name based.
Do support contracts include any consulting time?
Yes. At the moment a Bronze level support contract includes 10 hours of consulting time, with both Enterprise and Enterprise Combined offering up to 100 hours. Additional consulting time can be purchased if required on an ad-hoc basis at a reduced rate. Please note unused consulting time does not accumulate between contracts, unused time is donated back to the Bouncy Castle project.
I am interested in FIPS. Do support contracts include early access to the FIPS APIs?
Yes. Holders of Bouncy Castle support contracts also qualify for early access to the Bouncy Castle FIPS APIs. Enterprise Combined contract holders have early access to both the Java and the C# FIPS projects. FIPS early access also includes the CAVP and operational test harnesses for certification.
I am interested in FIPS. If my application is using the FIPS APIs is it FIPS compliant?
Generally the answer to this is yes, providing your application is using the FIPS API according to the security policy provided for the FIPS module. We are happy to review your usage of the API to certify this is the case. Depending on the size of the code using encryption this may even take less than 10 hours so if you are support contract holder and this is the only task you need done by us, it is likely no extra costs will be incurred.
I am interested. What do I do now?
Please contact us for further details.