Chris, > Am 13.04.2022 um 21:37 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > All, > > I asked this question a few years ago on SO and I didn't really get an answer: > https://stackoverflow.com/questions/39374024/determine-diffie-hellman-parameters-length-for-a-tls-handshake-in-java > > Does anyone know if it's possible to get the DHE key-exchange parameters > during the TLS handshake using just SSLSocket on the client end? I'm trying > to detect when the server is using "weak" DH key lengths like <= 1024 bits. > > (I'm also curious as to why my ssltest tool[1] is unable to connect to a > server which is allowing ADH-AES128-GCM-SHA256 aka > TLS_DH_anon_WITH_AES_128_GCM_SHA256 ; I suspect it has something to do with > my JVMs unwillingness to use 1024-bit DHE for the handshake, and I can't > figure out how to turn it off. SSLLabs and sslscan both report this cipher > suite as being "enabled" on the server, but my tool reports that the > handshake failed, which usually implies that the cipher suite is disabled.) > Is your question how to detect this in code? Or specifically in Java?
Anyways Do you know testssl.sh? If I want to know how to handle a specific tls problem I check in Dirk's code and start from there... Peter > Thanks, > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
