JDK-8133621 : 2048-bit DH upper bound too small for geotrust ssl ca - g3 error
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 8u51
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_8
  • CPU: x86
  • Submitted: 2015-07-16
  • Updated: 2015-08-14
  • Resolved: 2015-08-14
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :


A DESCRIPTION OF THE PROBLEM :
Some protocols of new sites use DHParameterSpec of up to 4096 bits.

For example, data from ripple.com (CA: GeoTrust SSL CA - G3) cannot be read in Java (.NET is OK).

Sun's JCE implementation imposes an artificial restriction on Diffie-Hellman primes. When passing a DHParameterSpec generated with a 4096-bit long modulus, class DHKeyPairGenerator will throw an exception indicating that "Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)."

Please allow for modulus sizes beyond the 2048-bit limit. (Proposal: change it to 4096.)

The same problem has been fixed in redhat:

https://bugzilla.redhat.com/attachment.cgi?id=1012238&action=diff


REPRODUCIBILITY :
This bug can be reproduced always.
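
A way to check which DH modulus sizes a given JRE accepts, as an added example that is not part of the original report or of the JDK sources. The class name `DhSizeProbe` and the placeholder modulus are assumptions made for illustration; the placeholder is not a real DH prime and only exercises the size check described above.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import javax.crypto.spec.DHParameterSpec;

// Added example (not JDK or bug-report code): reports which Diffie-Hellman
// modulus sizes the "DH" KeyPairGenerator of the running JRE accepts.
// Only initialize() is called, so no parameters or keys are generated.
public class DhSizeProbe {

    interface Init { void run(KeyPairGenerator kpg) throws GeneralSecurityException; }

    // Constructed placeholder modulus with exactly `bits` bits. It is NOT a
    // prime chosen for DH and must never be used for a real key exchange; it
    // only exercises the provider's size check on DHParameterSpec.
    static DHParameterSpec placeholderSpec(int bits) {
        BigInteger p = BigInteger.ONE.shiftLeft(bits - 1).setBit(0);
        return new DHParameterSpec(p, BigInteger.valueOf(2));
    }

    static String attempt(Init init) {
        try {
            init.run(KeyPairGenerator.getInstance("DH"));
            return "accepted";
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // InvalidParameterException (an IllegalArgumentException) for a bare size,
            // InvalidAlgorithmParameterException for a DHParameterSpec.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (int bits : new int[] {1024, 2048, 3072, 4096, 8192}) {
            System.out.println(bits + "-bit by size: " + attempt(k -> k.initialize(bits)));
            System.out.println(bits + "-bit by spec: "
                    + attempt(k -> k.initialize(placeholderSpec(bits))));
        }
    }
}
```

Running it on each JRE in an estate shows which runtimes still reject moduli above 2048 bits and will therefore fail against servers that offer larger DH groups.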


Comments
Closing this as a duplicate of JDK-8072452
14-08-2015