Why does SSL handshake give ‘Could not generate DH keypair’ exception?

by

The problem is the prime size. The maximum-acceptable size that Java accepts is 1024 bits. This is a known issue (see JDK-6521495).

The bug report that I linked to mentions a workaround using BouncyCastle’s JCE implementation. Hopefully that should work for you.

UPDATE

This was reported as bug JDK-7044060 and fixed recently.

Note, however, that the limit was only raised to 2048 bit. For sizes > 2048 bit, there is JDK-8072452 – Remove the maximum prime size of DH Keys; the fix appears to be for 9.

More Related Contents:

  1. Registering multiple keystores in JVM [duplicate]
  2. How to use .key and .crt file in java that generated by openssl?
  3. How can I use different certificates on specific connections?
  4. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  5. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake during web service communicaiton
  6. How to find what SSL/TLS version is used in Java
  7. Keystore type: which one to use?
  8. java – ignore expired ssl certificate
  9. Using SHA1 and RSA with java.security.Signature vs. MessageDigest and Cipher
  10. javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
  11. Is it possible to change plain socket to SSLSocket?
  12. Java: Overriding function to disable SSL certificate check
  13. Using JavaMail with TLS
  14. CertificateException: No name matching ssl.someUrl.de found
  15. Apache HTTPClient SSLPeerUnverifiedException
  16. Password Verification with PBKDF2 in Java
  17. How to convert certificate from PEM to JKS?
  18. Java SSLHandshakeException: no cipher suites in common
  19. CryptoJS AES encryption and Java AES decryption
  20. How set up Spring Boot to run HTTPS / HTTP ports
  21. What is Keystore?
  22. javax.net.ssl.SSLPeerUnverifiedException: Host name does not match the certificate subject provided by the peer
  23. OkHttp javax.net.ssl.SSLPeerUnverifiedException: Hostname domain.com not verified
  24. How Can I Access an SSL Connection Through Android?
  25. SSLSocket ignores domain mismatch
  26. Setting multiple truststore on the same JVM
  27. SecureRandom with NativePRNG vs SHA1PRNG
  28. Java Keytool error after importing certificate , “keytool error: java.io.FileNotFoundException & Access Denied”
  29. Can we load multiple Certificates & Keys in a Key Store?
  30. Breaking down RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Leave a Comment