Hello Simon, > -----Ursprüngliche Nachricht----- > Von: Simon Arame <saxeo...@gmail.com> > Gesendet: Donnerstag, 22. Februar 2024 18:06 > An: users@tomcat.apache.org > Betreff: NoClassDefFoundError for SSL operations > > We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06 > > Since the latest OpenJDK upgrade we get some errors when trying to perform > SSL Operations like obtaining the bytes of an HTTPS url or sending an email > through SMTP with TLS on. > > Note that with the same jdk, those operations succeed when run directly with > java outside of Tomcat. > > The top of the stack traces always has org/bouncycastle/asn1/x9/X9Curve as > "class not found". > > Here is the stack trace for a regular smtp email send failed attempt: > > java.lang.NoClassDefFoundError: org/bouncycastle/asn1/x9/X9Curve > at org.bouncycastle.asn1.x9.X9ECParameters.toASN1Object(Unknown > Source) > at org.bouncycastle.asn1.ASN1Encodable.getDERObject(Unknown Source) > at org.bouncycastle.asn1.x9.X962Parameters.<init>(Unknown Source) > at org.bouncycastle.jce.provider.JCEECPublicKey.getEncoded(Unknown > Source) > at > org.bouncycastle.jce.provider.JCEECPrivateKey.getPublicKeyDetails(Unknown > Source) > at org.bouncycastle.jce.provider.JCEECPrivateKey.<init>(Unknown > Source) > at > org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.generateKey > Pair(Unknown > Source) > at > sun.security.ssl.ECDHKeyExchange$ECDHEPossession.<init>(ECDHKeyExchange.j > ava:128) > at > sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.pro > duce(ECDHClientKeyExchange.java:392) > at > sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientK > eyExchange.java:65) > at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421) > at > sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHe > lloDone.java:182) > at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) > at > sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) > at > sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) > at > sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) > at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152) > at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401) > at > sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309) > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440) > at > com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:602) > at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:529) > at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2135) > at > com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:734) > at javax.mail.Service.connect(Service.java:364) > at javax.mail.Service.connect(Service.java:222) > at javax.mail.Service.connect(Service.java:171) > > > and the stack trace while trying to obtain an HTTPS url with jersey-client > org/bouncycastle/asn1/x9/X9Curve > at > org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:312) > at > org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.ja > va:675) > at > org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697) > at > org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocati > on.java:691) > at org.glassfish.jersey.internal.Errors.process(Errors.java:292) > at org.glassfish.jersey.internal.Errors.process(Errors.java:274) > at org.glassfish.jersey.internal.Errors.process(Errors.java:205) > at > org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.jav > a:390) > at > org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691 > ) > at > org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:674) > at > org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java > :422) > at > org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:318 > ) > > > I asked for an upgrade of tomcat from 9.0.81 to to 9.0.86 and am waiting to > see > if this will resolve our problems. Any advice or links/reports on that problem > would be appreciated. > > Simon
Bouncycastle is a 3rd party library. It has nothing to do with Tomcat, nor the JDK. Check were you reference the bouncycastle class. You someone has edited the java.security file within the JDK. If you are on linux, you can also grep for any references. Greetings, Thomas
