I want to create a Java TLS server with support of brainpoolP512r1 using Bouncy Castle 1.68 JSSE. I thought it would be enough to list it with system property jdk.tls.namedGroups but this only leads to this output:
2021-02-17T13:14:17,240 ERROR - Feb 17, 2021 1:14:17 PM org.bouncycastle.jsse.provider.NamedGroupInfo createCandidates
WARNING: 'jdk.tls.namedGroups' contains disabled NamedGroup: brainpoolP512r1
I literally can't find anything on this topic using Google. I've found the BCJSSE-PDF at bouncycastle.org. And I've read quite a big part of the TLS source code at GitHub. But I can't make sense of this problem. Thankful for any hints!
Edit: I just found something suspicious in the JSSE code: ECUtil.java. Maybe it is important that I am using AdoptOpenJDK 11.0.10+9?
It is better when the providers are placed up front with the JSSE provider being the first. My "disabled named group" error disappeared. I don't even have to use jdk.tls.namedGroups anymore.
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
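
A way to check the resulting provider order and see which provider answers the default TLS and EC lookups, as an added example that is not part of the original post. The class name ProviderOrderCheck is hypothetical, and the program assumes the Bouncy Castle provider and JSSE jars are on the classpath.

```java
import java.security.AlgorithmParameters;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.net.ssl.SSLContext;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical diagnostic class (added example, not code from the post).
public class ProviderOrderCheck {
    public static void main(String[] args) throws Exception {
        // Same calls as in the answer: BC goes to position 1, then BCJSSE is
        // inserted at position 1 as well, which moves BC to position 2.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);

        // Print the effective priority list (1 = highest priority).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ": " + providers[i].getName());
        }

        // Lookups without an explicit provider walk that list in order,
        // so these show who actually serves TLS and EC requests.
        SSLContext ctx = SSLContext.getInstance("TLS");
        System.out.println("SSLContext TLS served by: "
                + ctx.getProvider().getName());

        AlgorithmParameters ec = AlgorithmParameters.getInstance("EC");
        System.out.println("AlgorithmParameters EC served by: "
                + ec.getProvider().getName());

        // Ask that provider whether it can resolve the curve by name.
        try {
            ec.init(new ECGenParameterSpec("brainpoolP512r1"));
            System.out.println("brainpoolP512r1 resolved by "
                    + ec.getProvider().getName());
        } catch (InvalidParameterSpecException e) {
            System.out.println("brainpoolP512r1 not resolved: "
                    + e.getMessage());
        }
    }
}
```

Running it once with and once without the two insertProviderAt calls shows how the default lookups change with provider order.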