1 Reply Latest reply on Jul 2, 2018 1:30 AM by Martin Choma

    Wildfly Elytron - DHE parameters config

    Matthias Unverzagt

      This is about the configuration of DHE parameters for the TLS handshake.

      Before switching to Elytron, my configuration of DHE in

      $JAVA_HOME/security/java.security

      jdk.tls.server.defaultDHEParameters= { \
            FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 \
            29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD \
            EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 \
            E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED \
            EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D \
            C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F \
            83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D \
            670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B \
            E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 \
            DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 \
            15728E5A 8AACAA68 FFFFFFFF FFFFFFFF, 2}

      was used by WildFly 12 during the TLS handshake (Server Key Exchange). Everything worked fine.

      After switching to Elytron, my configured parameter (the DHE modulus p) is no longer used. Instead, another DHE modulus with half the size is used.

      I need some option to configure the DHE parameters. Maybe I am not seeing an existing option, maybe it is missing.

      For my use case I cannot establish the TLS connection, because the TLS client does not accept a Server Key Exchange with DHE parameters other than the ones above.
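The post reports that the server now sends a modulus of half the configured size in its Server Key Exchange. The quickest way to confirm what a server actually sends, independent of any java.security or Elytron setting, is to read the ServerKeyExchange message itself. The following script is an added example, not code from the original post or from WildFly/Elytron: it sends a TLS 1.2 ClientHello offering only DHE_RSA cipher suites, reassembles the server's handshake messages and parses ServerDHParams {p, g, Ys} (RFC 5246 section 7.4.3), then compares p against the 2048-bit MODP prime (RFC 3526 group 14) that the post configures. The host name and port are placeholders.

```python
"""Probe which Diffie-Hellman group a TLS 1.2 server sends in ServerKeyExchange.

Added example, not code from the original post or from WildFly/Elytron. Offers
only DHE_RSA suites so the server must either send ServerKeyExchange with its DH
group or fail the handshake. Host and port in main() are assumptions.
"""
import secrets
import socket
import struct
import sys

# The 2048-bit MODP prime (RFC 3526 group 14) that the post configures as p.
RFC3526_2048_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)

# TLS_DHE_RSA_WITH_{AES_128_GCM_SHA256, AES_256_GCM_SHA384, AES_128_CBC_SHA256,
# AES_256_CBC_SHA256, AES_128_CBC_SHA, AES_256_CBC_SHA}: DHE only, no ECDHE/RSA.
DHE_SUITES = [0x009E, 0x009F, 0x0067, 0x006B, 0x0033, 0x0039]

def wrap_record(content_type, fragment, version=b"\x03\x03"):
    """TLS record header: type(1) version(2) length(2) + fragment."""
    return bytes([content_type]) + version + struct.pack("!H", len(fragment)) + fragment

def wrap_handshake(msg_type, body):
    """Handshake header: type(1) length(3) + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def build_client_hello(server_name):
    """TLS 1.2 ClientHello offering only the DHE_RSA suites above, with SNI."""
    suites = b"".join(struct.pack("!H", s) for s in DHE_SUITES)
    name = server_name.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # ServerNameList
    sig_algs = b"\x04\x01\x05\x01\x06\x01\x02\x01"  # rsa_pkcs1 sha256/384/512/sha1
    exts = (struct.pack("!HH", 0, len(sni)) + sni
            + struct.pack("!HHH", 13, len(sig_algs) + 2, len(sig_algs)) + sig_algs)
    body = (b"\x03\x03" + secrets.token_bytes(32) + b"\x00"   # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                      # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    return wrap_record(22, wrap_handshake(1, body), b"\x03\x01")

def split_records(data):
    """Split a byte stream into complete (content_type, fragment) records; return leftover."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, _ver, length = struct.unpack("!BHH", data[off:off + 5])
        if off + 5 + length > len(data):
            break
        records.append((ctype, data[off + 5:off + 5 + length]))
        off += 5 + length
    return records, data[off:]

def handshake_messages(records):
    """Reassemble (msg_type, body) handshake messages, which may span records."""
    stream = b"".join(frag for ctype, frag in records if ctype == 22)
    msgs, off = [], 0
    while off + 4 <= len(stream):
        length = int.from_bytes(stream[off + 1:off + 4], "big")
        if off + 4 + length > len(stream):
            break
        msgs.append((stream[off], stream[off + 4:off + 4 + length]))
        off += 4 + length
    return msgs

def encode_server_dh_params(p, g, ys):
    """ServerDHParams {dh_p, dh_g, dh_Ys}, each an opaque<1..2^16-1> (RFC 5246 7.4.3)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

def parse_server_key_exchange(body):
    """Parse p, g, Ys from a DHE ServerKeyExchange body; the trailing signature is ignored."""
    off, vals = 0, []
    for _ in range(3):
        (length,) = struct.unpack("!H", body[off:off + 2])
        vals.append(int.from_bytes(body[off + 2:off + 2 + length], "big"))
        off += 2 + length
    p, g, ys = vals
    return {"p": p, "g": g, "ys": ys, "bits": p.bit_length(),
            "is_rfc3526_2048": p == RFC3526_2048_P}

def probe(host, port, timeout=5.0):
    """Send the ClientHello and return the parsed DH params, or None on alert/no DHE."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        while True:
            chunk = sock.recv(16384)
            if not chunk:
                break
            buf += chunk
            records, _ = split_records(buf)
            if any(c == 21 for c, _ in records):                      # alert, e.g. handshake_failure
                break
            if any(t == 14 for t, _ in handshake_messages(records)):  # ServerHelloDone
                break
    for mtype, body in handshake_messages(split_records(buf)[0]):
        if mtype == 12:                                               # ServerKeyExchange
            return parse_server_key_exchange(body)
    return None

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "wildfly.example"   # assumed placeholder
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8443
    r = probe(host, port)
    if r is None:
        print("no DHE ServerKeyExchange received (server refused DHE suites)")
    else:
        print(f"p is {r['bits']} bits, g={r['g']}, matches RFC 3526 2048-bit group: {r['is_rfc3526_2048']}")
```

Run it against the WildFly 12 deployment and again after the switch to Elytron: the first should report a 2048-bit p equal to the RFC 3526 group, the second a 1024-bit p that does not match, which is exactly the symptom the client in the post rejects. Because only DHE_RSA suites are offered, a server that prefers ECDHE cannot hide the DH group behind a different key exchange; if it refuses DHE entirely the script reports that instead.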