Java 8 Diffie Hellman key size issues with 32 bit linux












0














after upgrading our java from 1.7 to 1.8 on an old 32 bit linux system, we receive the following error message while communicating with a webservice:




Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported




The linux distribution is:




uname -a



Linux XXX-XXX-S018 2.6.16.21-0.8-default #1 Mon Jul 3
18:25:39 UTC 2006 i686 i686 i386 GNU/Linux




The distribution:




cat /etc/*release



LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32"
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10




The Java Version we are using (32 bit and 64 bit the same releases)




Java Version:



jdk1.8.0_151




The strange thing is, after downgrading to java 1.7 it works without any problems.



Also the same application runs on a different 64 bit system (with java 1.8) - so we assume that this might be an issue with os architecture (32 bit), the age of the os (in this case from 2006) and java.



We found some bug reports regarding the open JDK that the maximum length was 2048 - but we are using the regular JDK from oracle in the moment.



Thanks for your help,



Hauke










share|improve this question
























  • Which specific version of Java 1.8?
    – KevinO
    Nov 12 '18 at 15:20










  • I edited my post - jdk1.8.0_151
    – Hauke
    Nov 12 '18 at 15:23
















0














after upgrading our java from 1.7 to 1.8 on an old 32 bit linux system, we receive the following error message while communicating with a webservice:




Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported




The linux distribution is:




uname -a



Linux XXX-XXX-S018 2.6.16.21-0.8-default #1 Mon Jul 3
18:25:39 UTC 2006 i686 i686 i386 GNU/Linux




The distribution:




cat /etc/*release



LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32"
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10




The Java Version we are using (32 bit and 64 bit the same releases)




Java Version:



jdk1.8.0_151




The strange thing is, after downgrading to java 1.7 it works without any problems.



Also the same application runs on a different 64 bit system (with java 1.8) - so we assume that this might be an issue with os architecture (32 bit), the age of the os (in this case from 2006) and java.



We found some bug reports regarding the open JDK that the maximum length was 2048 - but we are using the regular JDK from oracle in the moment.



Thanks for your help,



Hauke










share|improve this question
























  • Which specific version of Java 1.8?
    – KevinO
    Nov 12 '18 at 15:20










  • I edited my post - jdk1.8.0_151
    – Hauke
    Nov 12 '18 at 15:23














0












0








0







after upgrading our java from 1.7 to 1.8 on an old 32 bit linux system, we receive the following error message while communicating with a webservice:




Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported




The linux distribution is:




uname -a



Linux XXX-XXX-S018 2.6.16.21-0.8-default #1 Mon Jul 3
18:25:39 UTC 2006 i686 i686 i386 GNU/Linux




The distribution:




cat /etc/*release



LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32"
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10




The Java Version we are using (32 bit and 64 bit the same releases)




Java Version:



jdk1.8.0_151




The strange thing is, after downgrading to java 1.7 it works without any problems.



Also the same application runs on a different 64 bit system (with java 1.8) - so we assume that this might be an issue with os architecture (32 bit), the age of the os (in this case from 2006) and java.



We found some bug reports regarding the open JDK that the maximum length was 2048 - but we are using the regular JDK from oracle in the moment.



Thanks for your help,



Hauke










share|improve this question















after upgrading our java from 1.7 to 1.8 on an old 32 bit linux system, we receive the following error message while communicating with a webservice:




Caused by: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive). The specific key size 4096 is not supported




The linux distribution is:




uname -a



Linux XXX-XXX-S018 2.6.16.21-0.8-default #1 Mon Jul 3
18:25:39 UTC 2006 i686 i686 i386 GNU/Linux




The distribution:




cat /etc/*release



LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-ia32:core-3.0-ia32"
SUSE Linux Enterprise Server 10 (i586)
VERSION = 10




The Java Version we are using (32 bit and 64 bit the same releases)




Java Version:



jdk1.8.0_151




The strange thing is, after downgrading to java 1.7 it works without any problems.



Also the same application runs on a different 64 bit system (with java 1.8) - so we assume that this might be an issue with os architecture (32 bit), the age of the os (in this case from 2006) and java.



We found some bug reports regarding the open JDK that the maximum length was 2048 - but we are using the regular JDK from oracle in the moment.



Thanks for your help,



Hauke







java linux encryption diffie-hellman






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 12 '18 at 15:22

























asked Nov 12 '18 at 15:15









Hauke

50311331




50311331












  • Which specific version of Java 1.8?
    – KevinO
    Nov 12 '18 at 15:20










  • I edited my post - jdk1.8.0_151
    – Hauke
    Nov 12 '18 at 15:23


















  • Which specific version of Java 1.8?
    – KevinO
    Nov 12 '18 at 15:20










  • I edited my post - jdk1.8.0_151
    – Hauke
    Nov 12 '18 at 15:23
















Which specific version of Java 1.8?
– KevinO
Nov 12 '18 at 15:20




Which specific version of Java 1.8?
– KevinO
Nov 12 '18 at 15:20












I edited my post - jdk1.8.0_151
– Hauke
Nov 12 '18 at 15:23




I edited my post - jdk1.8.0_151
– Hauke
Nov 12 '18 at 15:23












1 Answer
1






active

oldest

votes


















0














please read https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html



in Oracle JRE 8u151 you shall find java.security file and set set the crypto.policy to a value of 'unlimited'.



I assume your JRE7 has the Unlimited JRE strength policy already installed



Newer versions (8u161, ..) are having the unlimited strength enabled by default.



Please note Oracle JRE 8u151 has a serious issue with decoding gzip stream. When using with a web/application server such as Tomcat, .. you have to disable stream compression or upgrade to a little bit higher https://bugs.java.com/view_bug.do?bug_id=JDK-8189789






share|improve this answer





















  • The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
    – Hauke
    Nov 13 '18 at 6:58










  • @Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
    – gusto2
    Nov 13 '18 at 8:26











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53265077%2fjava-8-diffie-hellman-key-size-issues-with-32-bit-linux%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














please read https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html



in Oracle JRE 8u151 you shall find java.security file and set set the crypto.policy to a value of 'unlimited'.



I assume your JRE7 has the Unlimited JRE strength policy already installed



Newer versions (8u161, ..) are having the unlimited strength enabled by default.



Please note Oracle JRE 8u151 has a serious issue with decoding gzip stream. When using with a web/application server such as Tomcat, .. you have to disable stream compression or upgrade to a little bit higher https://bugs.java.com/view_bug.do?bug_id=JDK-8189789






share|improve this answer





















  • The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
    – Hauke
    Nov 13 '18 at 6:58










  • @Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
    – gusto2
    Nov 13 '18 at 8:26
















0














please read https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html



in Oracle JRE 8u151 you shall find java.security file and set set the crypto.policy to a value of 'unlimited'.



I assume your JRE7 has the Unlimited JRE strength policy already installed



Newer versions (8u161, ..) are having the unlimited strength enabled by default.



Please note Oracle JRE 8u151 has a serious issue with decoding gzip stream. When using with a web/application server such as Tomcat, .. you have to disable stream compression or upgrade to a little bit higher https://bugs.java.com/view_bug.do?bug_id=JDK-8189789






share|improve this answer





















  • The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
    – Hauke
    Nov 13 '18 at 6:58










  • @Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
    – gusto2
    Nov 13 '18 at 8:26














0












0








0






please read https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html



in Oracle JRE 8u151 you shall find java.security file and set set the crypto.policy to a value of 'unlimited'.



I assume your JRE7 has the Unlimited JRE strength policy already installed



Newer versions (8u161, ..) are having the unlimited strength enabled by default.



Please note Oracle JRE 8u151 has a serious issue with decoding gzip stream. When using with a web/application server such as Tomcat, .. you have to disable stream compression or upgrade to a little bit higher https://bugs.java.com/view_bug.do?bug_id=JDK-8189789






share|improve this answer












please read https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html



in Oracle JRE 8u151 you shall find java.security file and set set the crypto.policy to a value of 'unlimited'.



I assume your JRE7 has the Unlimited JRE strength policy already installed



Newer versions (8u161, ..) are having the unlimited strength enabled by default.



Please note Oracle JRE 8u151 has a serious issue with decoding gzip stream. When using with a web/application server such as Tomcat, .. you have to disable stream compression or upgrade to a little bit higher https://bugs.java.com/view_bug.do?bug_id=JDK-8189789







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 12 '18 at 15:28









gusto2

4,5432919




4,5432919












  • The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
    – Hauke
    Nov 13 '18 at 6:58










  • @Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
    – gusto2
    Nov 13 '18 at 8:26


















  • The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
    – Hauke
    Nov 13 '18 at 6:58










  • @Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
    – gusto2
    Nov 13 '18 at 8:26
















The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
– Hauke
Nov 13 '18 at 6:58




The crypto.policy inside the file /jre/lib/security/java.security was already set to unlimited. I also tried it with Java 8u191 without luck.
– Hauke
Nov 13 '18 at 6:58












@Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
– gusto2
Nov 13 '18 at 8:26




@Hauke I see, maybe related bugs.openjdk.java.net/browse/JDK-8172869
– gusto2
Nov 13 '18 at 8:26


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53265077%2fjava-8-diffie-hellman-key-size-issues-with-32-bit-linux%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Florida Star v. B. J. F.

Danny Elfman

Lugert, Oklahoma