Add -Djdk.tls.ephemeralDHKeySize=matched and/or -Djsse.SSLEngine.acceptLargeFragments=true to startup parameters

Description

xmpp.org went offline recently and came back online with the DH key size set to 2048. This caused federation with XMPP servers using a size of 1024 to fail.

In the case of Java-based XMPP servers like Openfire (which use a default value of 1024 inherited from the JVM), the error message being received from xmpp.org was "handshake_failure" instead of "dh key size too small", and that made debugging difficult.

Adding the following parameters at startup fixed the issue:

-Djdk.tls.ephemeralDHKeySize=matched

-Djsse.SSLEngine.acceptLargeFragments=true

The purpose of this issue is to see if we can add at least one of those options to our startup scripts.
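
Added example, not part of the original issue or of Openfire: a shell check that reads `openssl s_client` output and reports the ephemeral DH size a server offers, which the "handshake_failure" alert described above does not reveal. The function names and sample output are constructed for illustration; the openssl invocation in the comment assumes OpenSSL 1.1.0 or later and uses a placeholder host.

```shell
#!/bin/sh
# Added example: not part of Openfire or its startup scripts.
# Capture the handshake with OpenSSL 1.1.0+ (host is a placeholder), forcing
# a DHE suite so the server has to reveal its ephemeral DH size:
#   openssl s_client -connect xmpp.example.org:5269 -starttls xmpp-server \
#       -tls1_2 -cipher DHE </dev/null 2>/dev/null | dh_size_verdict 2048

# Print the DH size from the first "Server Temp Key: DH, N bits" line on
# stdin; prints nothing when no finite-field DHE key was negotiated.
dh_temp_key_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# dh_size_verdict MIN: read s_client output on stdin and classify it.
#   ok:N   (exit 0)  server offered N >= MIN bits
#   weak:N (exit 1)  server offered fewer than MIN bits
#   no-dhe (exit 2)  no DHE key seen (ECDHE suite, or the handshake failed)
dh_size_verdict() {
    min=${1:-2048}
    bits=$(dh_temp_key_bits)
    if [ -z "$bits" ]; then
        echo "no-dhe"
        return 2
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "weak:$bits"
        return 1
    fi
    echo "ok:$bits"
}

# Constructed s_client excerpts (not captured from any real server).
sample_dh() {   # $1 = key size in bits
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        "Server Temp Key: DH, $1 bits" '---'
}
sample_ecdh() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'Server Temp Key: ECDH, P-256, 256 bits' '---'
}

# Demo on the constructed samples; "|| true" keeps the non-zero verdicts
# from aborting a caller that runs with "set -e".
sample_dh 1024 | dh_size_verdict 2048 || true
sample_dh 2048 | dh_size_verdict 2048 || true
sample_ecdh    | dh_size_verdict 2048 || true
```

Running the same check before and after changing the JVM startup parameters shows whether the server's offered DH size actually changed.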

Environment

None

Acceptance Test - Entry

None

Assignee

Guus der Kinderen

Reporter

Dele Olajide

Labels

None

Expected Effort

None

Ignite Forum URL

None

Priority

Minor