EDIT: All of the references seem to just talk about "on Android", but I wanted to make sure anyway.
We use this with Gerrit.
I briefly talked to @demon and we think it may affect Gerrit in production.
NIST and Packet Storm both talk just about "on Android" though?
In jessie this exists, but as a source-only package, which at first confused me about the availability of the package "bouncycastle".
Should it be just apt-get source bouncycastle and dpkg-buildpackage -us -uc in the source dir? Currently we are not installing the package; instead, Bouncy Castle comes bundled with Gerrit. But we would like to use the proper Debian package instead and also patch this.