[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[iaik-ssl] setDHParameter / DHParameterSpec / anyone got some primes?
When you use ephemeral DH with DSA certificates, you need to specify the
DHParameterSpec with the call SSLServerContext.setDHParameter. If you
don't, you get a NullPointerException with no further explanation.
I think that:
a) this could be documented better and
b) a check for this situation in the SSL code that generates a
meaningful exception would be warranted; a DH key exchange doesn't occur
very often so the two-line check would not take too much time,
I have another problem. Normally when generating a DH KeyPair with a a
KeyPair generator, you just specify the number of bits you want.
However, if you specify a DHParameterSpec, you need to supply a n-bit
I haven't seen a prime generator in the API (and for DH, you don't need
a random prime, just a big prime with some special properties).
I have primes of 512 bits length and 2048 bits length. The demo source
code only contains a 512-bit prime. Does anyone have 768-bit and
1024-bit Diffie-Hellman suitable primes?
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-ssl