Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8133621

2048-bit DH upper bound too small for geotrust ssl ca - g3 error

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 8u51
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      Some protocols of new sites use DHParameterSpec to the 4096-bit

      for example ripple.com (CA : geotrust ssl ca - g3) data can not be read in java (.net ok)

      Sun's JCE implementation imposes an artificial restriction on Diffie-Hellman primes. When passing a DHParameterSpec generated with a 4096-bit long modulus, class DHKeyPairGenerator will throw an exception indicating that "Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)."

      Please allow for module sizes beyond the 2048-bit limit.(Proposal to change 4096)

      The same problem has been fixed in redhat:

      https://bugzilla.redhat.com/attachment.cgi?id=1012238&action=diff


      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pardesha Pardeep Sharma
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: