How to expand DH key size to 2048 in java 8

java security ssl diffie-hellman
user2192774 picture user2192774 · Jul 1, 2014 · Viewed 17k times · Source

I read a lot of posts saying that in java 8 it is possible to expand the DH key size to 2048. They say it is possible from the system property by changing the value of: jdk.tls.ephemeralDHKeySize to 2048. I tried to figure out where and how to do this and could not find. Where can I find this variable or property? which file? path? I am using windows.

Answer

Bruno picture Bruno · Jul 1, 2014

This is a system property, so you could set it via -Djdk.tls.ephemeralDHKeySize=2048 as a JVM argument or via System.setProperty within the code. (I haven't checked for this property, but some properties are read only once by the library that uses them, and then cached permanently during the execution time of the JVM, so you'd generally want to set that setting early enough if you set it within the code.)

The acceptable values are documented in the JSSE reference guide: "Customizing Size of Ephemeral Diffie-Hellman Keys".

Related questions

Keystore type: which one to use?

By looking at the file java.security of my JRE, I see that the keystore type to use by default is set to JKS. Here, there is a list of the keystore types that can be used. Is there a …

Read More
Using Apache httpclient for https

I have enabled https in tomcat and have a self-signed certificate for server auth. I have created an http client using Apache httpClient. I have set a trust manager loading the server certificate. The http client can connect with server …

Read More
Error Importing SSL certificate : Not an X.509 Certificate

I am trying to Update the SSL certificate in accordance with this post . I am noob in certificates, so i followed this guide. But, when i enter keytool -keystore mycacerts -storepass changeit -importcert -file "C:\Users\Noks\Desktop\cacerts.pem" …

Read More