[gnutls-help] too few bits from gnutls_dh_params_generate2() ?
Pierre Ossman
ossman at cendio.se
Tue Nov 11 08:00:53 CET 2014
On Mon, 10 Nov 2014 18:12:48 -0500
Brian Hinz <bphinz at users.sourceforge.net> wrote:
>
> I think that the actual limitation in question is that Java is requiring
> the prime length to be a multiple of 64. Presumably this dates back to
> FIPS-186-1 which did require prime lengths to be multiples of 64. The
> limitation on the prime length is supposedly being relaxed in Java 8.
>
I checked the JDK 8 code, and the limitation is still there. As is it
in JDK 9. So there doesn't seem to be a fix on the way. :/
E.g.:
http://hg.openjdk.java.net/jdk9/dev/jdk/file/ad04eada78e9/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
Rgds
--
Pierre Ossman Software Development
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linköping http://facebook.com/ThinLinc
Phone: +46-13-214600 http://plus.google.com/112509906846170010689
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: </pipermail/attachments/20141111/6b2994fc/attachment.sig>
More information about the Gnutls-help
mailing list