Description
I'm not entirely sure if this is a BC issue or something with 8u292 but here goes:
After bumping the Java version to 8u292 our services (vert.x based) failed to start with the following message:
java.security.KeyStoreException: Key protection algorithm not found:
java.security.UnrecoverableKeyException: Encrypt Private Key failed:
unrecognized algorithm name: PBEWithSHA1AndDESede
From what I could tell this happened while setting up the pem cert files for the HTTPS server.
Services are using bcprov-jdk15on:168 and we were doing Security.addProvider to add BC.
I was able to confirm that:
- Even not adding
BCas a provider, just by it being in the classpath the above error occurs - If
BCis inserted aboveJSSEprovider then the problem goes away - I went back on BC versions and once I reached
1.56the issue no longer happened (from1.57up to1.68has the same issue) - I am using Zulu JDK distribution, problem happens in both the glibc (
Zulu 8.54.0.21-CA-linux64) and musl (Zulu 8.54.0.21-CA-linux-musl-x64) variant. As mentioned all version leading up to 8u282 had no such issue.
Another (might be unrelated) issue happened when BC was added before the SUN provider (pos 1). While using postgresql jdbc driver to connect to postgres using TLS, the driver would "hang" while switching to an SSL socket taking as much as 45s to connect (it would eventually succeed). When BC is added after the SUN provider then the switch happens in under 1s.
Like I mentioned in the beginning it's a bit hard tell whether this is a BC issue or one (or more) issues with vertx/postgresql or even some issue with the Java update... so I though I'd posted here first.