Does JDK 1.8 support a 4096-bit cipher suite with Diffie-Hellman (DH) keys?

I want to know if JDK 1.8 supports a DH key length of 4096 bits.

I searched and found that jdk.tls.ephemeralDHKeySize can only accept values from 1024 to 2048 bits.

I need to connect to a site that supports

"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 4096 bits (p: 512, g: 1, Ys: 512)."

But I get

"Failed to create DH keypair" Exception.

EDIT:

Adding more information,

I am using Apache httpclient-4.2.5 to connect to the site. Server also supports

"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) - 4096 bits."

When I use JDK 1.8 and try to connect, this cipher suite is selected by the server, but JDK 1.8 only supports 2048 bits, and my connection does not work.

EDIT:

Bouncy Castle can be used as a workaround to support 4096 bits. http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521495

1 answer

It seems to work on Windows and OS X, but not Linux. Don't ask why, all I know is that Windows and OS X clients can connect through Java to servers with a key size of 4096, while Linux clients cannot.

https://bugzilla.redhat.com/show_bug.cgi?id=1163501

It has not yet been committed to Fedora, so it may take quite a while before it reaches CentOS / RHEL.

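A quick way to see which DH sizes a given JVM accepts, as an added example that is not part of the original question or answer: it asks each installed provider's DiffieHellman KeyPairGenerator to initialize at several sizes, which makes per-platform differences like the one described in the answer visible. The class name `DhKeySizeProbe` and the list of sizes are assumptions, and it assumes a provider rejects an unsupported size at `initialize()` with `InvalidParameterException`.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

// Added diagnostic (hypothetical class name): reports which DH key sizes
// each installed security provider is willing to initialize.
public class DhKeySizeProbe {

    // Sizes to probe (assumption); 4096 is the size the server in the question uses.
    static final int[] SIZES = {1024, 2048, 3072, 4096};

    // Returns "ok", "rejected" or "n/a" for one provider and one size.
    static String probe(Provider provider, int bits) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman", provider);
            // initialize() only records and validates the size here;
            // no parameters or key pair are generated, so this is fast.
            kpg.initialize(bits);
            return "ok";
        } catch (NoSuchAlgorithmException e) {
            return "n/a";       // provider has no DH key pair generator
        } catch (InvalidParameterException e) {
            return "rejected";  // provider refuses this key size
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("os.name      = " + System.getProperty("os.name"));
        System.out.println("jdk.tls.ephemeralDHKeySize = "
                + System.getProperty("jdk.tls.ephemeralDHKeySize", "(unset)"));

        for (Provider provider : Security.getProviders()) {
            if ("n/a".equals(probe(provider, SIZES[0]))) {
                continue; // skip providers without DH support
            }
            StringBuilder line = new StringBuilder(provider.getName()).append(':');
            for (int bits : SIZES) {
                line.append(' ').append(bits).append('=').append(probe(provider, bits));
            }
            System.out.println(line);
        }
    }
}
```

Run it with the same JVM and on the same host as the failing client; a `4096=rejected` entry for the provider that handles DH means the handshake with a 4096-bit DHE server cannot complete with that provider.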