i tried changing cipher suites listed in this url. still secure connection failed error in mozilla firefox.
what supported cipher suites? can change dh parameter size & rsa key size in jboss ?
i did little google on subject , summarise here.
dh parameter size can set using system property ( add jvm option if cannot use system.setproperty()). 2048 bit recommended size , 1024 minimum size safety. parameter can set by-
-djdk.tls.ephemeraldhkeysize=2048 more over, prevent client initiated renegotiation (secured or non-secured), can use following jvm options-
jdk.tls.rejectclientinitiatedrenegotiation=true this work java ee container runs on hotspot vm.
note: dh key size can customized in java 8. , value should 768, 1024 or 2048 bits only.
Comments
Post a Comment