Hello, I need to correct a statement:
Am Sat, 23 May 2015 15:50:06 +0200 schrieb Bernd Eckenfels <e...@zusammenkunft.net>: > BTW in Regards to the Server side: > > That document should mention that the parameter group is generated > randomly on first use (matching DSA restrictions). It is a good thing > there are no standard primes used This is actually wrong. I missed the fact that the Parameter Cache is pre-populated with primes for some sizes. Theoretically one can pick a different bit size and it should be randomly generated. However this has a problem: - ServerHandshaker restricts custom sizes between 1024 and 2048 Exception in thread "main" java.lang.ExceptionInInitializerError at sun.security.ssl.SSLSocketImpl.initHandshaker(SSLSocketImpl.java:1310) at sun.security.ssl.SSLSocketImpl.doneConnect(SSLSocketImpl.java:678) at sun.security.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:349) at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:104) Caused by: java.lang.IllegalArgumentException: Customized DH key size should be positive integer between 1024 and 2048 bits, inclusive at sun.security.ssl.ServerHandshaker.<clinit>(ServerHandshaker.java:131) - DHParameterGenerator on the other hand allows custom sizes only between 512 and 1024: Exception in thread "main" javax.net.ssl.SSLException: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1894) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1877) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1398) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at net.eckenfels.test.ssl.JSSESocketServer.main(JSSESocketServer.java:118) Caused by: java.security.InvalidParameterException: Keysize must be multiple of 64 ranging from 512 to 1024 (inclusive), or 2048 at com.sun.crypto.provider.DHParameterGenerator.engineInit(DHParameterGenerator.java:84) at java.security.AlgorithmParameterGenerator.init(AlgorithmParameterGenerator.java:296) at sun.security.provider.ParameterCache.getDHParameterSpec(ParameterCache.java:130) at com.sun.crypto.provider.DHKeyPairGenerator.generateKeyPair(DHKeyPairGenerator.java:148) at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:697) at sun.security.ssl.DHCrypt.generateDHPublicKeySpec(DHCrypt.java:226) at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:101) at sun.security.ssl.ServerHandshaker.setupEphemeralDHKeys(ServerHandshaker.java:1357) ... So you can effectively only set 1024 or 2048, and both are precomputed. It would be good to allow a wider range to be set and generated (asuming it can generate safe primes) and even better to specify the parameters on the SSLParameters. Gruss Bernd