I read a lot of posts saying that in java 8 it is possible to expand the DH key size to 2048. They say it is possible from the system property by changing the value of:
jdk.tls.ephemeralDHKeySize to 2048. I tried to figure out where and how to do this and could not find. Where can I find this variable or property? which file? path? I am using windows.
The key size is the same as the authentication certificate, but must be 1024 - 2048 bits, inclusively. However, because the IBMJCE provider supports only 2048-bit DH keys larger than 1024 bits, you can use only the values 1024 or 2048.
This is a system property, so you could set it via -Djdk.tls.ephemeralDHKeySize=2048 as a JVM argument or via System.setProperty within the code. (I haven't checked for this property, but some properties are read only once by the library that uses them, and then cached permanently during the execution time of the JVM, so you'd generally want to set that setting early enough if you set it within the code.)
The acceptable values are documented in the JSSE reference guide: "Customizing Size of Ephemeral Diffie-Hellman Keys".
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With