Java crypto libraries and large keys
Eric McCorkle
eric.mccorkle at oracle.com
Tue Feb 11 16:27:56 UTC 2014

I've been doing some upgrades on servers I run at home recently. One of
the upgrades I'd planned was to increase the key size of my internal CA
key and SSL keys to 8192 bits as a future-proofing measure (I use SSL
with client certificates for all service-to-service communication).

What I found was that apparently a number of server applications are not
capable of handling keys of that size. I found a number of things
stopped working, failing with error messages that suggest hard-coded
limits ("excessive message size", etc.).

I have not gotten to any of the Java-based services I run yet, but I
think it's worth looking into whether the Java security and crypto
libraries suffer from similar limitations.