GRIZZLY0013: Exception during FilterChain execution on Glassfish 4

I am using Glassfish 4.1.2 with Grizzly Framework 2.3.23, Mojarra 2.2.14 and Hibernate Validator 5.1.2, with EclipseLink/Eclipse Persistence Services version 2.6.1.v20150605-31e8258.

The error I keep running into periodically is the following:

    GRIZZLY0013: Exception during FilterChain execution java.lang.RuntimeException: Could not derive key
        at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1476)
        at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
        at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
        at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
        at org.glassfish.grizzly.ssl.SSLUtils.sslEngineUnwrap(SSLUtils.java:460)
        at org.glassfish.grizzly.ssl.SSLConnectionContext.unwrap(SSLConnectionContext.java:189)
        at org.glassfish.grizzly.ssl.SSLUtils.handshakeUnwrap(SSLUtils.java:286)
        at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:638)
        at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:587)
        at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:304)
        at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
        at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
        at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
        at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
        at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
        at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
        at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
        at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: java.security.ProviderException: Could not derive key
        at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:133)
        at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:163)
        at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648)
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:102)
        at sun.security.ssl.ECDHCrypt.getAgreedSecret(ECDHCrypt.java:120)
        at sun.security.ssl.ServerHandshaker.clientKeyExchange(ServerHandshaker.java:1613)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:281)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
        at org.glassfish.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:270)
        at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:673)
        ... 16 more
    Caused by: java.security.InvalidAlgorithmParameterException
        at sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method)
        at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130)
        ... 29 more

This originally happened a lot while I was processing a REST request, but I’ve since disabled that, and now the only thing I see running before this occurs is some schedulers for the hour before it happens. My site is up and running for a while before this error suddenly pops up, seemingly at random now. Once Glassfish hits this error, the entire HTTPS side of the server stops working and I have to restart the server to get it functioning.

I have found this bug that seemed to coincide with my previous issue (of getting this after a REST call): glassfish github bug report. I have just tried adding BouncyCastleProvider as a security provider in my JRE’s java.security file and including the jar in the lib/ext folder, as I saw some suggestions that it’s an issue with BouncyCastle conflicting, though I’m not optimistic of that fixing it as I am not using that library in any calls when this happens.

Other than that, does anyone have other ideas on what I can try or what could be causing this? Do I need to get a new SSL certificate and try with that? Or would I need to update the Grizzly library and any of its dependencies in the Glassfish server?