Hi,

If you haven't already figured this out, I believe you need to set this as
a Java option at CAS startup (-Djdk.tls.ephemeralDHKeySize=2048).  We use
external Tomcat and have something like this in our systemd unit file, but
it should work just as well if you are using just the CAS WAR:

Environment='JAVA_OPTS=-Djdk.tls.ephemeralDHKeySize=2048'

Jonathon

On Fri, Feb 5, 2021 at 8:59 AM Hervé Guillemet <herve.guille...@gmail.com>
wrote:

> I'm running a CAS 6 server with embedded Jetty and ssl checkers tell me
> that my DH parameter's size is only 1024. I haven't found any way to change
> it to 2048.
> My server.ssl configuration group looks like:
>
>   protocol: TLS
>   enabled-protocol: TLSv1.2 TLSv1.3
>   ciphers:
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>
> Any idea?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/9b9917e9-3382-4fad-89e4-112e797ebae9n%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9b9917e9-3382-4fad-89e4-112e797ebae9n%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
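
To confirm that the `-Djdk.tls.ephemeralDHKeySize=2048` option took effect, the negotiated ephemeral key can be read from the temp-key line of `openssl s_client` output. The following is an added example, not part of the original thread; the function names, the `MIN_DH_BITS` variable and the sample lines are constructed, and it assumes an `openssl` client that prints a "Server Temp Key" (or "Peer Temp Key") line.

```shell
#!/bin/sh
# Added example: classify the temp-key line that openssl s_client prints
# after a handshake. Function names and sample lines are constructed.
MIN_DH_BITS=2048

# check_temp_key: read s_client output on stdin and print one verdict:
#   "ok DH <bits>"    finite-field DHE with at least MIN_DH_BITS
#   "weak DH <bits>"  finite-field DHE below MIN_DH_BITS
#   "not-dhe <type>"  ECDHE/X25519 was negotiated, so DH size was not exercised
#   "unknown"         no temp-key line (handshake failed or no ephemeral key)
check_temp_key() {
    awk -v min="$MIN_DH_BITS" '
        /(Server|Peer) Temp Key:/ {
            sub(/^.*Temp Key:[ \t]*/, "")
            n = split($0, f, /,[ \t]*/)
            type = f[1]
            bits = f[n]; sub(/[ \t]*bits.*$/, "", bits)
            if (type == "DH") {
                verdict = (bits + 0 >= min + 0) ? "ok" : "weak"
                print verdict, "DH", bits
            } else {
                print "not-dhe", type
            }
            found = 1
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# probe_dhe HOST [PORT]: offer only a TLS 1.2 DHE suite (one of the suites in
# the ciphers list quoted above) so the server must pick finite-field DH
# parameters instead of the ECDHE suites listed first.
probe_dhe() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -tls1_2 \
        -cipher 'DHE-RSA-AES128-GCM-SHA256' </dev/null 2>/dev/null | check_temp_key
}

# Constructed sample lines in the format s_client prints.
SAMPLE_BEFORE='Server Temp Key: DH, 1024 bits'
SAMPLE_AFTER='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_ECDHE"; do
    printf '%s\n' "$s" | check_temp_key
done
```

Run `probe_dhe` against your own CAS host after restarting the JVM with the option set. A client whose OpenSSL security level rejects small DH groups aborts the handshake, which shows up here as `unknown`.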
