We have an Oracle Java class that connects to an external web site to perform various XML transactions.
They have recently upgraded their server and we are no longer able to connect due to their removal of weak algorithms.
I have loaded (loadjava) BouncyCastle libraries which have the required algorithms, and whilst this works outside the database (using Eclipse), it does not work once loaded into Oracle.
Initially we were on 11.2.0.2 (Java 1.5.0_10) and I have also tried 11.2.0.4 (Java 1.6.0_43).
bcprov-ext-jdk15on-160.jar
bctls-jdk15on-160.jar (slightly modified to remove Java 1.7 and 1.8 classes that cause loadjava to fail)
BouncyCastle JCE and JSSE Providers are added programmatically at run time:
    Security.addProvider(new BouncyCastleProvider());
    Security.addProvider(new BouncyCastleJsseProvider());
Java policies have been updated to unlimited.
17/08/2018 2:14:30 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertRaised
WARNING: Client raised fatal(2) internal_error(80) alert: Failed to read record
org.bouncycastle.tls.crypto.TlsCryptoException: cannot calculate secret
    at org.bouncycastle.tls.crypto.impl.jcajce.JceTlsECDomain.calculateECDHAgreement(JceTlsECDomain.java:73)
    at org.bouncycastle.tls.crypto.impl.jcajce.JceTlsECDH.calculateSecret(JceTlsECDH.java:41)
    ...
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURL
Caused by: java.security.NoSuchAlgorithmException: Algorithm ECDH not available
    at javax.crypto.KeyAgreement.getInstance(DashoA13*..)
    at org.bouncycastle.jcajce.util.DefaultJcaJceHelper.createKeyAgreement(Unknown Source)
    at org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.calculateKeyAgreement(JcaTlsCrypto.java:122)
    at org.bouncycastle.tls.crypto.impl.jcajce.JceTlsECDomain.calculateECDHAgreement(JceTlsECDomain.java:65)
    ... 17 more
org.bouncycastle.tls.crypto.TlsCryptoException: cannot calculate secret
Any suggestions much appreciated.
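
Added example, not part of the original post and not BouncyCastle or Oracle code: a diagnostic that can be run both in Eclipse and inside the database (after the two Security.addProvider calls) to compare how each registered provider answers for KeyAgreement/ECDH. The class name EcdhProviderCheck and its method names are hypothetical; it uses only JDK classes and Java 5 syntax, and assumes the BouncyCastle provider is registered under its standard name "BC".

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.KeyAgreement;

public class EcdhProviderCheck {

    /** Classifies how one provider answers for KeyAgreement/<alg>. */
    static String probe(Provider p, String alg) {
        // Step 1: does the provider advertise the service at all?
        if (p.getService("KeyAgreement", alg) == null) {
            return "not advertised";
        }
        // Step 2: will javax.crypto hand out an instance from this provider?
        try {
            KeyAgreement.getInstance(alg, p);
            return "usable";
        } catch (Exception e) {
            // Advertised but refused: the algorithm is there, the JCE layer rejected it.
            return "advertised, refused: " + e;
        }
    }

    /** Lookup without naming a provider, i.e. whatever the JVM resolves by default. */
    static String probeDefault(String alg) {
        try {
            return "resolved by " + KeyAgreement.getInstance(alg).getProvider().getName();
        } catch (Exception e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        String alg = "ECDH";
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            // Preference order matters for the default lookup, so print the position.
            System.out.println((i + 1) + ". " + p.getName() + " " + p.getVersion()
                    + " [" + p.getClass().getName() + "] -> " + probe(p, alg));
        }
        // Assumption: "BC" is the name BouncyCastleProvider registers under.
        if (Security.getProvider("BC") == null) {
            System.out.println("BC is not registered in this JVM/session");
        }
        System.out.println("KeyAgreement.getInstance(\"" + alg + "\") " + probeDefault(alg));
    }
}
```

If the two environments differ only in that BC shows "advertised, refused" inside the database, the problem lies in how the JVM accepts the loaded provider rather than in a missing algorithm, and the exception text printed for that line is the detail to follow up.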