If we unzip the current release of the docker plugin (0.16.2) we see the following
These files conflict with the bouncycastle jars bundled in the baseline version of Jenkins that 0.16.2 ships with and depending on plugin classloader initialization order, can cause a series of very hard to trace issues with crypto within Jenkins.
The normal solution would be to shade the jar that was being bundled, however as bouncycastle is a JCA provider and must be signed by a trusted JCA provider code signing key, this is not an option.
The solution is to replace the bundled bouncycastle jars with a dependency on the bouncycastle-api plugin.
As the version of bouncycastle required by the docker plugin is 1.54, this will also require bumping the core version to at least 1.648
Once the core version dependency reaches 2.16 - at which point bouncycastle was removed from core - then the dependency on the bouncycastle-api plugin becomes critical as all plugins are required to be getting their bouncycastle from that plugin...