I am trying to increase the DH key size from 1024 bits to 2048 bits, as per this question: How to expand DH key size to 2048 in java 8.
However, it does not seem to work. Relevant information:
java -version
java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)
And
System.out.println(Security.getProperty("jdk.tls.ephemeralDHKeySize"));
2048
However, if I connect to that server from a client, it uses 1024-bit:
openssl s_client -connect server:port -cipher "EDH" 2>/dev/null | grep -ie "Server .* key"
Server Temp Key: DH, 1024 bits
Any idea what else I can do?
I'm concerned that you're calling Security.getProperty("jdk.tls.ephemeralDHKeySize") to check the DH key size. The jdk.tls.ephemeralDHKeySize property is not a Security property, it's a System property, which leads me to suspect that you're not setting it properly. If you're setting it like this:
Security.setProperty("jdk.tls.ephemeralDHKeySize", "2048"); // don't do this
then that's not going to work. Try either passing:
-Djdk.tls.ephemeralDHKeySize=2048
on the command line of your program, or setting it like this:
System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
in code.
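A startup check for the mistake described in this answer, as an added example that is not part of the original post: it reports whether jdk.tls.ephemeralDHKeySize is visible as a System property or was only set as a Security property. The class name EphemeralDhCheck, the diagnose method and the status strings are hypothetical names chosen for this example.

```java
import java.security.Security;

/** Added example (not from the original post): audit the ephemeral DH setting. */
public class EphemeralDhCheck {
    static final String PROP = "jdk.tls.ephemeralDHKeySize";

    /** Returns a one-line diagnosis of how PROP is configured in this JVM. */
    static String diagnose(int minBits) {
        String sys = System.getProperty(PROP);   // where the answer says it belongs
        String sec = Security.getProperty(PROP); // where the question looked for it

        if (sys == null || sys.trim().isEmpty()) {
            if (sec != null) {
                return "MISCONFIGURED: " + PROP + "=" + sec
                     + " exists only as a Security property; set it as a System property";
            }
            return "UNSET: " + PROP + " is not defined, so the JDK default applies";
        }
        // "legacy" and "matched" are accepted keywords, but neither pins a fixed size.
        if (sys.equals("legacy") || sys.equals("matched")) {
            return "WARN: " + PROP + "=" + sys + " does not pin a fixed key size";
        }
        try {
            int bits = Integer.parseInt(sys.trim());
            return (bits >= minBits ? "OK: " : "WEAK: ") + PROP + "=" + bits
                 + " (required minimum " + minBits + ")";
        } catch (NumberFormatException e) {
            return "INVALID: " + PROP + "=" + sys + " is not a number or a known keyword";
        }
    }

    public static void main(String[] args) {
        // Reproduce the setup the answer warns about (run without -D to see it flagged).
        Security.setProperty(PROP, "2048");
        System.out.println(diagnose(2048));

        // Apply the answer's fix. In a real server, do this before the first TLS
        // handshake (or pass -Djdk.tls.ephemeralDHKeySize=2048 at launch), because
        // the TLS implementation reads the property once when it initializes.
        System.setProperty(PROP, "2048");
        System.out.println(diagnose(2048));
    }
}
```

The check only inspects configuration; the openssl s_client command from the question remains the way to confirm the size the server actually negotiates.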