Handshake simulator should "fail" for Java6 and DHE-RSA-AES128-SHA for DH param > 1024

Discussion created by sjansen on Nov 27, 2013
Latest reply on Dec 2, 2013 by Ivan Ristić

Hi.

The handshake simulation should fail for Java 6 when using cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA when the DH parameters are > 1024 bits.

Java cannot connect in that case:

javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

This is a topic now, because the recently released Apache 2.4.7 now uses DH parameters which include primes with lengths of more than 1024 bits.

See here:

http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#aboutssl

"Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?"

Regards,

Stephan
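
The check the post asks the handshake simulator to make, as an added example that is not part of the original post or of the simulator's own code: it reads the prime length out of a TLS ServerDHParams structure (RFC 5246) and reports a failure when it exceeds the client's limit. The function names are hypothetical, the 1024-bit limit is the one stated in the post, and the sample parameters are constructed (the "prime" is only a number of the right size).

```python
import struct

# Limit taken from the post: Java 6 fails on DH parameters > 1024 bits.
JAVA6_MAX_DH_BITS = 1024

def read_opaque16(buf, offset):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    start, end = offset + 2, offset + 2 + length
    if length == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[start:end], end

def dh_prime_bits(server_dh_params):
    """Bit length of dh_p in a ServerDHParams structure (dh_p, dh_g, dh_Ys)."""
    dh_p, off = read_opaque16(server_dh_params, 0)
    _dh_g, off = read_opaque16(server_dh_params, off)
    _dh_ys, off = read_opaque16(server_dh_params, off)
    # Leading zero bytes do not count towards the size of the prime.
    return int.from_bytes(dh_p, "big").bit_length()

def simulate_dhe_handshake(server_dh_params, client_max_dh_bits):
    """Return ("ok" | "fail", prime_bits) for a client with the given DH limit."""
    bits = dh_prime_bits(server_dh_params)
    if bits > client_max_dh_bits:
        return ("fail", bits)
    return ("ok", bits)

def build_sample_params(bits):
    """Constructed sample: a value with the top bit set, NOT a real prime."""
    p = (1 << (bits - 1)) | 1
    p_bytes = p.to_bytes((bits + 7) // 8, "big")
    g = b"\x02"
    ys = b"\x01" * len(p_bytes)
    return b"".join(struct.pack("!H", len(x)) + x for x in (p_bytes, g, ys))

if __name__ == "__main__":
    for bits in (1024, 2048):
        result = simulate_dhe_handshake(build_sample_params(bits), JAVA6_MAX_DH_BITS)
        print(bits, result)
```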
