NoClassDefFoundError for SSL operations

Thu, 22 Feb 2024 09:06:56 -0800 

We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06

Since the latest OpenJDK upgrade we get some errors when trying to perform
SSL Operations like obtaining the bytes of an HTTPS url or sending an email
through SMTP with TLS on.

Note that with the same jdk, those operations succeed when run directly
with java outside of Tomcat.

The top of the stack traces always has org/bouncycastle/asn1/x9/X9Curve as
"class not found".

Here is the stack trace for a regular smtp email send failed attempt:

java.lang.NoClassDefFoundError: org/bouncycastle/asn1/x9/X9Curve
        at org.bouncycastle.asn1.x9.X9ECParameters.toASN1Object(Unknown
Source)
        at org.bouncycastle.asn1.ASN1Encodable.getDERObject(Unknown Source)
        at org.bouncycastle.asn1.x9.X962Parameters.<init>(Unknown Source)
        at org.bouncycastle.jce.provider.JCEECPublicKey.getEncoded(Unknown
Source)
        at
org.bouncycastle.jce.provider.JCEECPrivateKey.getPublicKeyDetails(Unknown
Source)
        at org.bouncycastle.jce.provider.JCEECPrivateKey.<init>(Unknown
Source)
        at
org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.generateKeyPair(Unknown
Source)
        at
sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.java:128)
        at
sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:392)
        at
sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
        at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
        at
sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
        at
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
        at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
        at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
        at
com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:602)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:529)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2135)
        at
com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:734)
        at javax.mail.Service.connect(Service.java:364)
        at javax.mail.Service.connect(Service.java:222)
        at javax.mail.Service.connect(Service.java:171)


and the stack trace while trying to obtain an HTTPS url with jersey-client
org/bouncycastle/asn1/x9/X9Curve
        at
org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:312)
        at
org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:675)
        at
org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697)
        at
org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:691)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
        at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
        at
org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691)
        at
org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:674)
        at
org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:422)
        at
org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:318)


I asked for an upgrade of tomcat from 9.0.81 to to 9.0.86 and am waiting to
see if this will resolve our problems. Any advice or links/reports on that
problem would be appreciated.

Simon

Reply via email to