BC cipher suite list

[tonyjeftimov]

Hi All,
We have an integration project with a third party that use to work. They have now restarted testing (after several months) and now it doesn't work.
From what I can piece together with the limited support that they can give, is that during those inactive months they implemented TLSv1.3. From what I can gather from BC is that TLSv1.3 is supported.

From the logs at my end, this is the reported error:
14-Oct-2025 15:44:32 org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
INFO: Client received fatal(2) handshake_failure(40) alert

They (and I via Postman) have been able to confirm that TLSv1.2 is still allowed.

They have also supplied the below list of allowed ciphers, none of which I have been able to find in my logs.
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

These are the jar's I have included.
bcpkix-jdk15to18-1.82.jar
bcprov-jdk15to18-1.82.jar
bctls-jdk15to18-1.82.jar
bcutil-jdk15to18-1.82.jar

I have limited knowledge of BC, but I'm sure I'm missing something.
I guess I just want to confirm for starters that the ciphers handled by BC. Secondly, can I get the logs to show anything more that might point to the issue.

Thanks, Tony.

[tonyjeftimov]

Sorry, I left out some important info:

Java(TM) SE Runtime Environment (build 1.6.0_11-b03)
Sun Microsystems Inc. (home C:\Sonic\Test\MQ8.0\jre, version 1.6.0_11)
Java HotSpot(TM) Client VM (build 11.0-b16, mixed mode)

[peterdettman]

The above contains several factual errors and irrelevant advice (and smells of AI); please ignore.

Edit: the offending comment has since been removed.

[peterdettman]

BCJSSE indeed supports TLS 1.3 and should do so fine in Java 6, although you may need to use BC extensions if you want similar features (like SSLParameters options) to more recent Java versions. All the listed cipher suites are supported, and enabled by default. The list of jars seems fine.

Since the fatal alert is being raised by the server (and the TLS protocol does not include error details), the answer to why the handshake failed actually lies with the server's logs. It may yet be useful to see more detailed client logs; BCJSSE uses the Java Logging API, so you could configure logging to FINEST for org.bouncycastle.jsse.**.