Java crypto libraries and large keys

Eric McCorkle eric.mccorkle at oracle.com
Tue Feb 11 16:27:56 UTC 2014


I've been doing some upgrades on servers I run at home recently.  One of
the upgrades I'd planned was to increase the key size of my internal CA
key and SSL keys to 8192 bits as a future-proofing measure (I use SSL
with client certificates for all service-to-service communication).

What I found was that apparently a number of server applications are not
capable of handling keys of that size.  I found a number of things
stopped working, failing with error messages that suggest hard-coded
limits ("excessive message size", etc.).

I have not gotten to any of the Java-based services I run yet, but I
think it's worth looking into whether the Java security and crypto
libraries suffer from similar limitations.

