Add -Djdk.tls.ephemeralDHKeySize=matched and/or Djsse.SSLEngine.acceptLargeFragments=true to startup parameters

Description went offline recently and came back online with the DH key size set to 2048. This caused federation with XMPP servers using a size of 1024 to fail.

In the cases for Java based XMPP servers like Openfire (which use a default value of 1024 inherited from the JVM), the error message being recieved from was "handshake_failure" instead of "dh key size too small" and that made debugging difficult.

Adding the following parameters at startup fixed the issue



The purpose of this issue is to see if we can add at least one of those options to our startup scripts.




Guus der Kinderen


Dele Olajide