We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06 Since the latest OpenJDK upgrade we get some errors when trying to perform SSL Operations like obtaining the bytes of an HTTPS url or sending an email through SMTP with TLS on.
Note that with the same jdk, those operations succeed when run directly with java outside of Tomcat. The top of the stack traces always has org/bouncycastle/asn1/x9/X9Curve as "class not found". Here is the stack trace for a regular smtp email send failed attempt: java.lang.NoClassDefFoundError: org/bouncycastle/asn1/x9/X9Curve at org.bouncycastle.asn1.x9.X9ECParameters.toASN1Object(Unknown Source) at org.bouncycastle.asn1.ASN1Encodable.getDERObject(Unknown Source) at org.bouncycastle.asn1.x9.X962Parameters.<init>(Unknown Source) at org.bouncycastle.jce.provider.JCEECPublicKey.getEncoded(Unknown Source) at org.bouncycastle.jce.provider.JCEECPrivateKey.getPublicKeyDetails(Unknown Source) at org.bouncycastle.jce.provider.JCEECPrivateKey.<init>(Unknown Source) at org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.generateKeyPair(Unknown Source) at sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:128) at sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:392) at sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65) at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421) at sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401) at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:602) at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:529) at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2135) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:734) at javax.mail.Service.connect(Service.java:364) at javax.mail.Service.connect(Service.java:222) at javax.mail.Service.connect(Service.java:171) and the stack trace while trying to obtain an HTTPS url with jersey-client org/bouncycastle/asn1/x9/X9Curve at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:312) at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:675) at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697) at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:691) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:205) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390) at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691) at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:674) at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:422) at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:318) I asked for an upgrade of tomcat from 9.0.81 to to 9.0.86 and am waiting to see if this will resolve our problems. Any advice or links/reports on that problem would be appreciated. Simon