On Thu, 14 Apr, 2022, 01:06 Christopher Schultz, < ch...@christopherschultz.net> wrote:
> All, > > I asked this question a few years ago on SO and I didn't really get an > answer: > > https://stackoverflow.com/questions/39374024/determine-diffie-hellman-parameters-length-for-a-tls-handshake-in-java > > Does anyone know if it's possible to get the DHE key-exchange parameters > during the TLS handshake using just SSLSocket on the client end? I'm > trying to detect when the server is using "weak" DH key lengths like <= > 1024 bits. > > (I'm also curious as to why my ssltest tool[1] is unable to connect to a > server which is allowing ADH-AES128-GCM-SHA256 aka > TLS_DH_anon_WITH_AES_128_GCM_SHA256 ; I suspect it has something to do > with my JVMs unwillingness to use 1024-bit DHE for the handshake, and I > can't figure out how to turn it off. SSLLabs and sslscan both report > this cipher suite as being "enabled" on the server, but my tool reports > that the handshake failed, which usually implies that the cipher suite > is disabled.) > > Thanks, > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >