disabledAlgorithms "DHE keySize < 1024" support?

Xuelei Fan xuelei.fan at oracle.com
Sat May 23 00:30:26 UTC 2015

Please refer to the "Customizing Size of Ephemeral Diffie-Hellman Keys"
section of JSSE Reference Guide.



On 5/23/2015 5:34 AM, Bernd Eckenfels wrote:
> Hello,
> does jdk.tls.disabledAlgorithms support to disable DHE based on the
> prime size (similiar to RSA keySize)? I have tried it, but I can only
> disable DHE completely, but I cannot get a Java TLS client to enforce
> higher standards (i.e. at least 768, better 1024) bit. I tried
> Oracle 8u40. Is there another way to do that?
> Gruss
> Bernd

More information about the security-dev mailing list