OpenJdk 13 HTTPS handling issue - BCXDHPublicKey cannot be cast to class XECPublicKey

[tkohegyi]

Proxy log contains this error message:

java.lang.ClassCastException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader 'app'; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')

The issue is caused by issue in 3rd party library - bcgit/bc-java#589 - see more details there.
Meanwhile we are waiting for real solution, this workaround sometimes work:

Start Wilma with additional parameter in command line:
-Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072"

[tkohegyi]

Issue still exists after BCv1.69 - bcgit/bc-java#620 is still active

[tkohegyi]

Issue still exists with BCv1.71

[tkohegyi]

Issue still exists with BCv1.77

[gravity8]

in your pom.xml file add

<dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.70</version> <exclusions> <exclusion> <groupId>conflicting.group</groupId> <artifactId>conflicting-artifact</artifactId> </exclusion> </exclusions> </dependency>

Create a security provider file and set the provider.

`@Configuration
public class SecurityProviderConfig {
public static void configure() {
// Remove Bouncy Castle if added programmatically
Security.removeProvider("BC");

    // Re-add Bouncy Castle with lower priority if needed
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Ensure SunEC or default provider is used first
    System.out.println("Available Providers:");
    for (var provider : Security.getProviders()) {
        System.out.println(provider.getName());
    }
}

}`

That was how i resolved mine