Why does SSL handshake give 'Could not generate DH keypair' exception?

Question

When I make an SSL connection with some IRC servers (but not others - presumably due to the server\'s preferred encryption method) I get the following exception:

<         


        

Answer 1

The problem is the prime size. The maximum-acceptable size that Java accepts is 1024 bits. This is a known issue (see JDK-6521495).

The bug report that I linked to mentions a workaround using BouncyCastle's JCE implementation. Hopefully that should work for you.

UPDATE

This was reported as bug JDK-7044060 and fixed recently.

Note, however, that the limit was only raised to 2048 bit. For sizes > 2048 bit, there is JDK-8072452 - Remove the maximum prime size of DH Keys; the fix appears to be for 9.