Setting Diffie-Hellman keysize on Java
Issue
- How can I require Diffie-Hellman be 2048 bits or greater in Red Hat JBoss Enterprise Application Platform (EAP) 6?
- How do I set the Diffie-Hellman keysize to a defined value to avoid vulnerabilities like logjam?
- Does OpenJDK 1.7 support ephemeral key sizes larger than 1024 bits, if the
-Djdk.tls.ephemeralDHKeySize=2048parameter is set accordingly? - Browser received a weak ephemeral Diffie-Hellman key in SSL Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
- Browser is returning "Server has a weak ephemeral Diffie-Hellman public key ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
- Failed to access Website due to DHE key length issue, hence should we upgrade the JDK/JRE to 7 / 8 and apply this parameter " JAVA_OPTS="$JAVA_OPTS -Djdk.tls.ephemeralDHKeySize=2048"" to fix the problem?
Environment
- Oracle Java 8
- OpenJDK Java 8
- OpenJDK java-1.7.0-openjdk-1.7.0.79-2.5.5.1.el7_1 (provided in Red Hat Enterprise Linux) or later
- Oracle Java 7u85 or later
- OpenJDK java-1.6.0-openjdk-1.6.0.36-1.13.8.1 (provided in Red Hat Enterprise Linux) or later
- Oracle Java 6u101 or later
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
