A simple program which will detect the maximum Diffie-Hellman size supported by the JRE.
import java.security.AlgorithmParameterGenerator;
import java.security.InvalidParameterException;

public class Diffie {
    public static void main(String[] args) throws Exception {
        AlgorithmParameterGenerator apg = AlgorithmParameterGenerator.getInstance("DiffieHellman");
        int good = 0;
        // Try sizes upward in 64-bit steps and stop at the first one the provider rejects.
        for (int i = 512; i <= 16384; i += 64) {
            try {
                apg.init(i); // only validates the size; no parameters are generated
            } catch (InvalidParameterException e) {
                break;
            }
            good = i; // last size accepted so far
        }
        System.out.println("maximum DH size is " + good);
    }
}

ecki commented Nov 20, 2014

I think if you count the loop downwards it is faster to detect the first success (at least if you then actually call #generateParameters()). The used size in JSSE for TLS is btw capped by the provider max, but could be less: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys


luukes commented May 22, 2015

Thanks for your quick test. I just wanted to state that this script does not work for a check for 2048-bit, because Java 8 allows these 64-bit steps only up to 1024 and then 2048 with no steps in between.
