Customizing the size of Ephemeral Diffie-Hellman Keys
Diffie-Hellman (DH) keys of sizes less than 1024 bits are deprecated because of their
insufficient strength. You can now customize the ephemeral DH key size with the system
property jdk.tls.ephemeralDHKeySize. This system property does not impact DH
key sizes in ServerKeyExchange messages for exportable cipher suites. It impacts
only the DHE_RSA, DHE_DSS, and
DH_anon-based cipher suites in the JSSE Oracle provider. You can specify one of
the following values for this property:
- Undefined: A DH key of size 2048 bits is used for non-exportable cipher suites (default value).
- legacy: The IBM® JSSE provider preserves the legacy behavior of earlier releases (for example, by using ephemeral DH keys of sizes 512 bits and 1024 bits).
- matched: For non-exportable anonymous cipher suites, the DH key size in ServerKeyExchange messages is 1024 bits. For X.509 certificate-based authentication (of non-exportable cipher suites), the DH key size that matches the corresponding authentication key is used, except that the size must be 1024 - 2048 bits. For example, if the public key size of an authentication certificate is 2048 bits, the ephemeral DH key size should be 2048 bits, unless the cipher suite is exportable. This key sizing scheme keeps the cryptographic strength consistent between authentication keys and key-exchange keys.
- A valid integer 1024 - 2048, inclusive, if only the IBMJCE provider is available, or a valid integer 1024 - 8192 in multiples of 64, inclusive, if the IBMJCEPlus provider is available: A fixed ephemeral DH key size of the specified value, in bits, is used for non-exportable cipher suites.
Value of jdk.tls.ephemeralDHKeySize | Undefined | legacy | matched | Fixed integer value |
---|---|---|---|---|
Exportable DH key size | 512 | 512 | 512 | 512 |
Non-exportable anonymous cipher suites | 2048 | 1024 | 2048 | If the IBMJCEPlus provider is available, the fixed key size is specified by a valid integer property value that must be between 1024 and 8192 in multiples of 64, inclusively. If only the IBMJCE provider is available, the fixed key size is specified by a valid integer property value that must be 1024 - 2048, inclusively. |
Authentication certificate | 2048 | 1024 | The key size is the same as the authentication certificate, but must be 1024 - 2048 bits, inclusively. However, because the IBMJCE provider supports only 2048-bit DH keys larger than 1024 bits, you can use only the values 1024 or 2048. | If the IBMJCEPlus provider is available, the fixed key size is specified by a valid integer property value that must be between 1024 and 8192 in multiples of 64, inclusively. If only the IBMJCE provider is available, the fixed key size is specified by a valid integer property value that must be 1024 - 2048, inclusively. |
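The following Java program is an added example and is not part of the IBM documentation or the JSSE provider code. It validates a candidate value for jdk.tls.ephemeralDHKeySize against the rules in the list and table above, sets the property before JSSE is initialized (the property is read when the SSL context is set up, so setting it afterwards has no effect), and computes the ephemeral DH size a non-exportable suite would use. The provider name strings "IBMJCEPlus" and "IBMJCE", and the rounding of intermediate certificate sizes to 2048 bits under the matched value with IBMJCE only, are assumptions, not facts stated on the page.

```java
import java.security.Security;
import javax.net.ssl.SSLContext;

// Added example, not IBM's code: helper around the jdk.tls.ephemeralDHKeySize property.
public final class EphemeralDhKeySize {

    static final String PROPERTY = "jdk.tls.ephemeralDHKeySize";

    /** True when the IBMJCEPlus provider is registered. Provider name is an assumption. */
    static boolean ibmJcePlusAvailable() {
        return Security.getProvider("IBMJCEPlus") != null;
    }

    /**
     * Rejects values the documented rules do not allow. A null value means "undefined",
     * "legacy" and "matched" are the two keyword values, anything else must be an integer
     * in the range the available provider supports.
     */
    static void validate(String value, boolean jcePlus) {
        if (value == null || value.equals("legacy") || value.equals("matched")) {
            return;
        }
        int bits;
        try {
            bits = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not a valid " + PROPERTY + " value: " + value);
        }
        if (jcePlus) {
            // IBMJCEPlus: 1024 - 8192 bits, in multiples of 64
            if (bits < 1024 || bits > 8192 || bits % 64 != 0) {
                throw new IllegalArgumentException(
                    "IBMJCEPlus requires 1024-8192 bits in multiples of 64, got " + bits);
            }
        } else {
            // IBMJCE only: 1024 - 2048 bits
            if (bits < 1024 || bits > 2048) {
                throw new IllegalArgumentException(
                    "IBMJCE requires 1024-2048 bits, got " + bits);
            }
        }
    }

    /**
     * Ephemeral DH key size, in bits, for a non-exportable cipher suite, following the
     * rows of the table above. certKeyBits is the public key size of the server's
     * authentication certificate (ignored for anonymous suites).
     */
    static int effectiveKeySize(String value, boolean anonymous, int certKeyBits, boolean jcePlus) {
        if (value == null) {
            return 2048;                      // undefined: default 2048
        }
        if (value.equals("legacy")) {
            return 1024;                      // legacy: 1024 for both rows
        }
        if (value.equals("matched")) {
            if (anonymous) {
                return 2048;                  // non-exportable anonymous suites
            }
            // match the certificate key, clamped to 1024 - 2048
            int size = Math.max(1024, Math.min(2048, certKeyBits));
            // IBMJCE supports only 2048-bit DH above 1024; rounding intermediate sizes
            // up to 2048 is an assumption made for this example
            if (!jcePlus && size > 1024) {
                size = 2048;
            }
            return size;
        }
        return Integer.parseInt(value);       // fixed integer value
    }

    public static void main(String[] args) throws Exception {
        boolean plus = ibmJcePlusAvailable();
        String requested = args.length > 0 ? args[0] : "2048";
        validate(requested, plus);

        // Must happen before the first SSLContext is initialized in this JVM.
        System.setProperty(PROPERTY, requested);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        System.out.println("IBMJCEPlus available: " + plus);
        System.out.println("DHE suite with a 2048-bit certificate uses "
            + effectiveKeySize(requested, false, 2048, plus) + "-bit ephemeral DH");
        System.out.println("DH_anon suite uses "
            + effectiveKeySize(requested, true, 0, plus) + "-bit ephemeral DH");
    }
}
```

Run it as `java EphemeralDhKeySize 3072` on a JVM with IBMJCEPlus to see the value accepted, or with only IBMJCE to see it rejected; in production the same effect is usually obtained with `-Djdk.tls.ephemeralDHKeySize=2048` on the command line so that the property is in place before any code touches JSSE.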
Note: From service refresh 1, fix pack 10, the legacy value is changed to 1024. From service refresh 8, fix pack 20, the undefined and matched values are changed from 1024 to 2048.