Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenJdk 13 HTTPS handling issue - BCXDHPublicKey cannot be cast to class XECPublicKey #111

Open
tkohegyi opened this issue Apr 15, 2021 · 4 comments
Open

OpenJdk 13 HTTPS handling issue - BCXDHPublicKey cannot be cast to class XECPublicKey #111

tkohegyi opened this issue Apr 15, 2021 · 4 comments

Comments

@tkohegyi
Copy link
Contributor

Proxy log contains this error message:

java.lang.ClassCastException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader 'app'; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')

The issue is caused by issue in 3rd party library - bcgit/bc-java#589 - see more details there.
Meanwhile we are waiting for real solution, this workaround sometimes work:

Start Wilma with additional parameter in command line:
-Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072"
@tkohegyi tkohegyi reopened this May 16, 2021
tkohegyi added a commit that referenced this issue May 16, 2021
@tkohegyi
issue #111 is still problematic, waiting for bountycastle fix
16c03ab
@tkohegyi
Copy link
Contributor Author

Issue still exists after BCv1.69 - bcgit/bc-java#620 is still active

tkohegyi referenced this issue Jul 27, 2021
@tkohegyi
all green so test more ssl handling
69974c2
@tkohegyi
Copy link
Contributor Author

Issue still exists with BCv1.71

@tkohegyi
Copy link
Contributor Author

Issue still exists with BCv1.77

@gravity8
Copy link

gravity8 commented Dec 6, 2024

in your pom.xml file add

<dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.70</version> <exclusions> <exclusion> <groupId>conflicting.group</groupId> <artifactId>conflicting-artifact</artifactId> </exclusion> </exclusions> </dependency>

Create a security provider file and set the provider.

`@Configuration
public class SecurityProviderConfig {
public static void configure() {
// Remove Bouncy Castle if added programmatically
Security.removeProvider("BC");

    // Re-add Bouncy Castle with lower priority if needed
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Ensure SunEC or default provider is used first
    System.out.println("Available Providers:");
    for (var provider : Security.getProviders()) {
        System.out.println(provider.getName());
    }
}

}`

That was how i resolved mine

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tkohegyi @gravity8