Created August 19, 2013 23:35
A simple program which will detect the maximum Diffie-Hellman size supported by the JRE.
```java
import java.security.AlgorithmParameterGenerator;
import java.security.InvalidParameterException;

public class Diffie {
    public static void main(String[] args) throws Exception {
        AlgorithmParameterGenerator apg =
                AlgorithmParameterGenerator.getInstance("DiffieHellman");
        int good = 0; // largest size accepted so far
        // Try each size from 512 to 16384 bits in 64-bit steps.
        for (int i = 512; i <= 16384; i += 64) {
            try {
                // init() only validates the size; no parameters are generated.
                apg.init(i);
            } catch (InvalidParameterException e) {
                // Stop at the first size the provider rejects.
                break;
            }
            good = i;
        }
        System.out.println("maximum DH size is " + good);
    }
}
```
Thanks for your quick test. I just wanted to state that this script does not work as a check for 2048-bit, because Java 8 allows these 64-bit steps only up to 1024 and then 2048 with no steps in between.
I think if you count the loop downwards it is faster to detect the first success (at least if you then actually call #generateParameters()). The used size in JSSE for TLS is btw capped by the provider max, but could be less: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys
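
Added example, not part of the gist or its comments: a variant of the probe that does not stop at the first rejected size, following the two comments above. It counts downwards to find the maximum, lists every accepted size so a gap like the one the first comment reports becomes visible, and prints the `jdk.tls.ephemeralDHKeySize` property described in the linked JSSE guide. The class name `DiffieProbe`, the helper names and the reuse of the original loop's 512 to 16384 range are choices made here.

```java
import java.security.AlgorithmParameterGenerator;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class DiffieProbe {
    // Same range and step as the original gist's loop.
    static final int MIN_BITS = 512, MAX_BITS = 16384, STEP = 64;

    // True if the provider's DH parameter generator accepts this size.
    // init() only validates the size; no parameters are generated.
    static boolean accepts(AlgorithmParameterGenerator apg, int bits) {
        try {
            apg.init(bits);
            return true;
        } catch (InvalidParameterException e) {
            return false;
        }
    }

    // Count downwards: the first accepted size is the maximum,
    // even when smaller sizes in between are rejected.
    static int maxSize(AlgorithmParameterGenerator apg) {
        for (int bits = MAX_BITS; bits >= MIN_BITS; bits -= STEP) {
            if (accepts(apg, bits)) return bits;
        }
        return 0; // nothing in the range was accepted
    }

    // Every accepted size in the range, so gaps are visible.
    static List<Integer> acceptedSizes(AlgorithmParameterGenerator apg) {
        List<Integer> sizes = new ArrayList<>();
        for (int bits = MIN_BITS; bits <= MAX_BITS; bits += STEP) {
            if (accepts(apg, bits)) sizes.add(bits);
        }
        return sizes;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        AlgorithmParameterGenerator apg =
                AlgorithmParameterGenerator.getInstance("DiffieHellman");
        System.out.println("provider: " + apg.getProvider().getName());
        System.out.println("maximum DH size is " + maxSize(apg));
        System.out.println("accepted sizes: " + acceptedSizes(apg));
        // The size JSSE uses for ephemeral DH in TLS can be lower than the provider maximum.
        System.out.println("jdk.tls.ephemeralDHKeySize = "
                + System.getProperty("jdk.tls.ephemeralDHKeySize", "(not set)"));
    }
}
```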