java - What does "Reason: DHPublicKey does not comply to algorithm constraints" mean?

Question

Welcome To Ask or Share your Answers For Others

java - What does "Reason: DHPublicKey does not comply to algorithm constraints" mean?

1 Answer

深蓝 · Answer 1 · 2021-10-23T21:17:12+0000

The reason was that the server only supported weak ciphers. While updating the server is certainly the clean/good solution, the quick one is to remove the constraints as mentioned here:

Within /usr/lib/jvm/default-java/jre/lib/security/java.security or - depending on your OS - /etc/crypto-policies/back-ends/java.config you have a line

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024,

Notice the DH keySize < 1024. So no keys which are smaller are allowed.

Replacing this with

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768,

or completely removing the DH keySize < 1024 part could solve the problem.

You can do this via

$ sed -i "s/ DH keySize < 1024,//" /usr/lib/jvm/default-java/jre/lib/security/java.security

Categories

java - What does "Reason: DHPublicKey does not comply to algorithm constraints" mean?

java - What does "Reason: DHPublicKey does not comply to algorithm constraints" mean?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags