[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] How to use a stronger Diffie Hellman group in Jetty?
|
Thank you very much for your suggestion. Is there a mean of changing that in Jetty without modifying the JRE?
When I run your commandline, it prints nothing on my server. The connection is refused. I'll try to adapt it to make it work, I should probably use another port. This is the script I use to configure my server from scratch:
https://sourceforge.net/p/red-feed-aggregator/code/ci/master/tree/minimal_self_hosting_setup.sh
> Message du 08/01/22 16:14
> De : "Travis Spencer" <travis@xxxxxxxxx>
> A : gouessej@xxxxxxxxx, "JETTY user mailing list" <jetty-users@xxxxxxxxxxx>
> Copie à :
> Objet : Re: [jetty-users] How to use a stronger Diffie Hellman group in Jetty?
>
>
>
IINM, you can update $JAVA_HOME/conf/security/java.security (on Java 9+) or $JAVA_HOME/lib/security/java.security (on Java < 9) to have
>
>
DH keySize < 2048
>
in the jdk.tls.disabledAlgorithms security property.
>
>
If I read that
weakdh.org web page and the
java.com one correctly, I think that should disable weak DH params. To test, I did like this:
>
$ openssl s_client -connect localhost:443 -showcerts -cipher "EDH" < /dev/null 2>&1 | grep "Server Temp Key"
> Server Temp Key: DH, 2048 bits
>
Against my server, even without disabling DH keys < 2048, I still got the above value which IINM means the weakness spoken about on
weakdh.org is not an issue.
>
HTH!
>
>