All,
I asked this question a few years ago on SO and I didn't really get an
answer:
https://stackoverflow.com/questions/39374024/determine-diffie-hellman-parameters-length-for-a-tls-handshake-in-java
Does anyone know if it's possible to get the DHE key-exchange parameters
during the TLS handshake using just SSLSocket on the client end? I'm
trying to detect when the server is using "weak" DH key lengths like <=
1024 bits.
(I'm also curious as to why my ssltest tool[1] is unable to connect to a
server which is allowing ADH-AES128-GCM-SHA256 aka
TLS_DH_anon_WITH_AES_128_GCM_SHA256 ; I suspect it has something to do
with my JVMs unwillingness to use 1024-bit DHE for the handshake, and I
can't figure out how to turn it off. SSLLabs and sslscan both report
this cipher suite as being "enabled" on the server, but my tool reports
that the handshake failed, which usually implies that the cipher suite
is disabled.)
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
