Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys.