I'm getting the following exception when I enable SSL debug via -Djavax.net.debug=ssl:
java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available
I'm running Centos 6.7, Open JDK 1.8.0_91 & Tomcat 7.0.63
My research indicates that this is a known bug: https://bugs.centos.org/view.php?id=9482
I found numerous sources indicating that a workaround for this is to disable the Elliptic Curve cipher algorithms by setting the following property in the jre/lib/security/java.security file:
jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH
I looked at my java.security file and found that these algorithms were already disabled:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keysize < 768, EC, ECDHE, ECDH
I tried changing this property to be exactly as shown in the examples I found and that did not work either. I also tried removing the jre/lib/ext/sunec.jar file, which again had no effect.
I've carefully traced my installation of Tomcat to ensure that the jre/lib/security/java.security file I'm modifying is the one Tomcat is running on.
If anyone has any ideas about what is going on here or how I can work around this problem I would be very grateful to get your input.
This question is related to OpenJDK on OpenShift: "NoSuchAlgorithmException: EC AlgorithmParameters not available" except I'm not using OpenShift and I am able to edit my java.security file to attempt the well known workaround. My problem is that the workaround does not work for me.
