TLSv1.2 with Bouncy Castle and RSAPSS throws NPE during ECDHServerKeyExchange on OpenJDK8 u272

Solution In Progress - Updated -


  • The following exception running Mule on OpenJDK 8 u272:
2021-02-26 15:12:39,624 [[bbus-esb-1.0.0].http.requester.HTTPS_Intesa.worker(9)] DEBUG org.glassfish.grizzly.ssl.SSLBaseFilter - Error during re-handshaking
java.lang.NullPointerException: null
        at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
        at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source) ~[bcprov-jdk15on-1.56.jar:1.56.0]
        at$Delegate.engineSign( ~[?:1.8.0_275]
        at ~[?:1.8.0_275]
        at$T12CertificateVerifyMessage.<init>( ~[?:1.8.0_275]
        at$T12CertificateVerifyProducer.produce( ~[?:1.8.0_275]
        at ~[?:1.8.0_275]
        at$ServerHelloDoneConsumer.consume( ~[?:1.8.0_275]
        at ~[?:1.8.0_275]
        at ~[?:1.8.0_275]
        at$DelegatedTask$ ~[?:1.8.0_275]
        at$DelegatedTask$ ~[?:1.8.0_275]
        at Method) ~[?:1.8.0_275]
        at$ ~[?:1.8.0_275]
        at org.glassfish.grizzly.ssl.SSLUtils.executeDelegatedTask( ~[grizzly-framework-2.3.33.jar:2.3.33]
  • When will the fix for JDK-8256252 be available in a RH build of OpenJDK?


  • OpenJDK
    • 8 u272
    • 11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In