Add -Djdk.tls.ephemeralDHKeySize=matched and/or -Djsse.SSLEngine.acceptLargeFragments=true to startup parameters
Description
xmpp.org went offline recently and came back online with the DH key size set to 2048. This caused federation with XMPP servers using a size of 1024 to fail.
In the case of Java-based XMPP servers like Openfire (which use a default value of 1024 inherited from the JVM), the error message being received from xmpp.org was "handshake_failure" instead of "dh key size too small", and that made debugging difficult.
Adding the following parameters at startup fixed the issue:
-Djdk.tls.ephemeralDHKeySize=matched
-Djsse.SSLEngine.acceptLargeFragments=true
The purpose of this issue is to see if we can add at least one of those options to our startup scripts.
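Because the peer only reports "handshake_failure", it helps to read the ephemeral key size your own server offers directly from `openssl s_client` output. The script below is an added example, not part of the original issue or of Openfire; the function names, the 2048-bit threshold variable and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the ephemeral key a TLS server offered, based on the
# "Server Temp Key:" line that `openssl s_client` prints after the handshake.
# Input can be captured from your own server with, for example (OpenSSL 1.1.0+):
#   openssl s_client -connect <your-server>:5269 -starttls xmpp-server </dev/null

MIN_DH_BITS=2048   # the size the issue says xmpp.org now uses

# Constructed sample excerpts (not real captures).
SAMPLE_BEFORE='CONNECTED(00000003)
---
Server Temp Key: DH, 1024 bits
---'
SAMPLE_AFTER='CONNECTED(00000003)
---
Server Temp Key: DH, 2048 bits
---'
SAMPLE_ECDHE='CONNECTED(00000003)
---
Server Temp Key: ECDH, P-256, 256 bits
---'

# Print "<type> <bits>" for the first "Server Temp Key:" line on stdin.
temp_key() {
    sed -n 's/^Server Temp Key: *\([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits$/\1 \2/p' | head -n 1
}

# Read s_client output on stdin and print one verdict:
#   weak-dh:<bits>  finite-field DH below MIN_DH_BITS (the failing case here)
#   ok-dh:<bits>    finite-field DH at or above MIN_DH_BITS
#   not-dh:<type>   ECDHE or similar; jdk.tls.ephemeralDHKeySize does not apply
#   no-temp-key     no ephemeral key line (static key exchange or no handshake)
classify_dh() {
    set -- $(temp_key)
    case "$1" in
        "") echo "no-temp-key" ;;
        DH) if [ "$2" -lt "$MIN_DH_BITS" ]; then echo "weak-dh:$2"; else echo "ok-dh:$2"; fi ;;
        *)  echo "not-dh:$1" ;;
    esac
}

printf 'default JVM setting : %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | classify_dh)"
printf 'with "matched"      : %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | classify_dh)"
```

With `-Djdk.tls.ephemeralDHKeySize=matched` the DH size follows the server certificate's key size, so the second transcript assumes a 2048-bit certificate key.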