Bouncycastle issue in JBoss EAP 7 after updating to JDK 11.0.10

Solution In Progress - Updated -

Issue

JDK 11.0.10 introduced support for X25519 and X448 in TLS which is handled by Bouncy Castle by providing version specific classes in a multi-release jar. During the handshake we're getting:

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:339)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:295)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:286)
at java.base/sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:733)
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslC
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.closed(SslConduit.jav
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.close(SslConduit.java
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.j
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.doHandshake(SslCondui
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit.access$900(SslConduit
at io.undertow.core@2.0.33.SP2-redhat-00001//io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.ja
at org.jboss.xnio.nio@3.7.12.Final-redhat-00001//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:61
at org.jboss.xnio.nio@3.7.12.Final-redhat-00001//org.xnio.nio.WorkerThread.run(WorkerThread.java:479)}

 
which is caused by

java.lang.ClassCastException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader 'org.bouncycastle@1.65.0.redhat-00001' @578de4d9; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')

Environment

Red Hat Enterprise Application Platform (EAP) 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content