JDK-8172869 : 4096 is not supported yet for the DH Parameter Generator
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2017-01-16
  • Updated: 2017-05-17
  • Resolved: 2017-01-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10 JDK 9
10Fixed 9 b155Fixed
Related Reports
Relates :  
Relates :  
Description
AlgorithmParameterGenerator apg =
                  AlgorithmParameterGenerator.getInstance("DiffieHellman");
        apg.init(4096);

breaks for 4096 key length with following exception

java.security.InvalidParameterException: DH key size must be multiple of 64 and range from 512 to 1024 (inclusive), or 2048, 3072. The specific key size 4096 is not supported

spec mandates that every implementation of AlgorithmParameterGenerator   should support "DiffieHellman" with 4096 keylength
Comments
DH KeyPairGenerator is supported, but DH Parameter Generator not. The KeyPairGenerator is using the pre-defined DH parameters.
18-01-2017