This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

java.security.NoSuchProviderException: no such provider: BCJSSE

I get this runtime error when using JavaBeans generated for my VHI model.  How do I proceed?

Labels:

Verastream
  • Verified Answer

    Hi Frank Swarbrick,

    It looks like you are missing a reference to the bouncy castle providers.  Have a look at the VHI Documentation for the Java Requirements here .  Unfortunately, it looks like we had a certificate expire on this document site so you you will have to make an exception to view the document.  I will see if I can get that issue addressed ASAP.

    I believe this is what you need from the doc:

    Importing the AppConn Java Classes

    To use the AppConn interfaces, add the following statement into your classes:


    import com.wrq.apptrieve.appconn.*;
    import com.wrq.apptrieve.agent.*;
    import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
    import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
    import java.security.Security;

    Adding the Bouncy Castle security provider

    security.addProvider(new BouncyCastleFipsProvider());
    security.addProvider(new BouncyCastleJsseProvider());

    Additionally, I think the following three bouncy castle jars are required –

    bc-fips-1.0.1.jar

    bcpkix-fips-1.0.0.jar

    bctls-fips-1.0.3.jar

    Regards,

    Jeff B

  • I'll try it out.  Is this a relatively new requirement?  We have had VHI running in production for many years, and no one here knows anything about any "Bouncy Castle" requirement for those environments.

  • This works, with one minor tweak.  In the following, "Security" needs a capital 'S':

    Security.addProvider(new BouncyCastleFipsProvider());
    Security.addProvider(new BouncyCastleJsseProvider());

    This does display (when executed from a batch java program, anyway) the following.

    When using the VHI supplied JRE (openjdk version "1.8.0_232"):

    Mar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    INFO: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULLMar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    INFO: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

    Mar 31, 2021 5:04:09 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
    WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer


    When using  Oracle's JRE (java version "1.8.0_281"):

    Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    INFO: Found string security property [jdk.tls.disabledAlgorithms]: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves

    Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
    WARNING: Ignoring unsupported entry in 'jdk.tls.disabledAlgorithms': include jdk.disabled.namedCurves

    Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    INFO: Found string security property [jdk.certpath.disabledAlgorithms]: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves

    Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
    WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': SHA1 jdkCA & usage TLSServer

    Mar 31, 2021 5:06:16 PM org.bouncycastle.jsse.provider.DisabledAlgorithmConstraints create
    WARNING: Ignoring unsupported entry in 'jdk.certpath.disabledAlgorithms': include jdk.disabled.namedCurves

     

  • One additional comment.  It looks like by default, security is now required for Javabeans connecting to VHI.  This can be turned off during the Web Builder process by editing the Java Beans properties of the Project and unchecking "Require encrypted connection to the VHI server".  I don't see this documented anywhere.  This in turn will change the bean.properties line "requiresecureconnection=true" to "requiresecureconnection=false".

    Not that security isn't preferred, but I think this is worth mentioning.