DSA with keylength > 1024 no longer accepted

[Peter Haraldson]

Hi
First, I'm not quite sure if this is the correct list for this issue, 
please excuse & correct me if it's not.

Our problem is that in latest openjdk a check is added that makes our 
certificates with DSA & Keylength 2048 unusable. In file 
"sun.security.provider.DSA" line 484-489:
      protected void checkKey(DSAParams params) throws 
InvalidKeyException {
             int valueL = params.getP().bitLength();
             if (valueL > 1024) {
                 throw new InvalidKeyException("Key is too long for this 
algorithm");
             }
         }
This is new, these certificates worked fine before. I don't know the 
reason for not accepting longer keys than 1024, not allowing too short 
keys would make sense to me but not allowing long keys?

We need to find a permanent solution, as for now we can't update our 
production servers because of this. We have several certificates issued 
by MasterCard, it is a very tedious job to change them all.
Is there a way we could bypass this, could this check be abandoned in 
next update?

Our system:
java version "1.7.0_65" (not affected)
OpenJDK Runtime Environment (rhel-2.5.1.2.el6_5-x86_64 u65-b17)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
OS: RedHat 6.6

Regards Peter