Class cast exception occur while updating OpenJDK version from 11.0.2 to 11.0.10

Question

After updating the minor version of OpenJDK , I am getting an error in any API call with HTTPS protocol

The same code was working fine with the older version.

Older version(Working fine):

java version "11.0.2" 2019-01-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+9-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+9-LTS, mixed mode)

New Version(Not working):

openjdk version "11.0.10" 2021-01-19
OpenJDK Runtime Environment (build 11.0.10+9-Ubuntu-0ubuntu1.18.04)
OpenJDK 64-Bit Server VM (build 11.0.10+9-Ubuntu-0ubuntu1.18.04, mixed mode, sharing)

Error:

javax.net.ssl.SSLException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @2e0fa5d3; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')

Caused by: java.lang.ClassCastException: class org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey cannot be cast to class java.security.interfaces.XECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.edec.BCXDHPublicKey is in unnamed module of loader org.springframework.boot.loader.LaunchedURLClassLoader @2e0fa5d3; java.security.interfaces.XECPublicKey is in module java.base of loader 'bootstrap')
at java.base/sun.security.ssl.XDHKeyExchange$XDHEPossession.<init>(XDHKeyExchange.java:108)
at java.base/sun.security.ssl.NamedGroup$XDHFunctions.createPossession(NamedGroup.java:754)
at java.base/sun.security.ssl.NamedGroup.createPossession(NamedGroup.java:394)
at java.base/sun.security.ssl.SSLKeyExchange$T13KeyAgreement.createPossession(SSLKeyExchange.java:568)
at java.base/sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:84)
at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareProducer.produce(KeyShareExtension.java:257)
at java.base/sun.security.ssl.SSLExtension.produce(SSLExtension.java:563)
at java.base/sun.security.ssl.SSLExtensions.produce(SSLExtensions.java:253)
at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:650)
at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:525)
at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107)
at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:232)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:433)
... 11 common frames omitted

I am using URLConnection to establish the new connection with any URL but at the time of connection URL connection.connect().

Any solutions or workaround for this? How can I downgrade the minor version?

Answer 1

The answer, for google completeness, is that the underlying API changed when the JDK added support for the X25519 and X448 ECDH protocols. Bouncycastle had to use multi-release classes to fix the issue. So you update your dependency.

If it's not your software the work around, as in this issue, normally is to remove support of these protocols, like such:

java -Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072" ...

or

export JAVA_TOOL_OPTIONS="-Djdk.tls.namedGroups=\"secp256r1, secp384r1, ffdhe2048, ffdhe3072\""

Answer 2

For this type of bouncycastle class not found exception. need to add bouncy castle dependency to your pom.xml or build.gradle file.

add below dependency for maven and gradle.

For Gradle :: implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.68'

For Maven ::

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.68</version>
</dependency>