
How Java 7 and 8 Handle DHE Keys Differently, and Resolving Errors

Firefox v39.0+ and Chrome v45.0+ may generate an error if "weak" Diffie-Hellman public keys are used. Here's how to resolve the error.


Firefox v39.0+ and Chrome v45.0+ may generate an error if "weak" DHE public keys are used for SSL communication in WSO2 products. Java 7 and Java 8 handle this differently.

To resolve this issue, you have three options:

1.  Disable the DHE cipher suites.

Configure the following cipher suites for SSL communication in CARBON_HOME/repository/conf/tomcat/catalina-server.xml. The cipher parameter must be configured inside the TLS connector element.


To achieve “Perfect Forward Secrecy,” we usually need DHE; therefore, removing the DHE ciphers is not a good option.

2.  Use a 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites.

You need to use Java 8 for this. The following parameter in Java 8 can be used to set the key size to a larger value.


Java 7 does not support a 1024-bit key size, and the above parameter is not available to configure a larger key size (in the latest public releases of Java 7).

Currently, WSO2 products cannot be run using Java 8, but future releases of WSO2 will be able to run using Java 8, and you can then use the DHE ciphers with a larger key size.

3.  Enable ECDHE

We can enable only the ECDHE ciphers in WSO2 servers without using the DHE ciphers. This avoids the "weak key" error while still providing "Perfect Forward Secrecy."

So, you can add the following cipher suites for SSL communication in CARBON_HOME/repository/conf/tomcat/catalina-server.xml. The cipher parameter must be configured inside the TLS connector element.
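
To check which of the three options a server is actually in, the following added example (not code from the original article or from WSO2) reads a catalina-server.xml and groups each TLS connector's suites by key exchange. It assumes the standard Tomcat `ciphers` and `SSLEnabled` connector attributes and JSSE suite names; the sample connector and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a Tomcat <Connector>; not taken from a WSO2 release.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="9763" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""

def key_exchange(suite):
    """Classify a JSSE cipher suite name by its key exchange."""
    name = suite.upper()
    for prefix in ("TLS_", "SSL_"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    if "_WITH_" not in name:
        return "unknown"              # not a KX_WITH_CIPHER style name
    kx = name.split("_WITH_")[0]
    if "ANON" in kx:
        return "anonymous"            # unauthenticated, never acceptable
    if kx.startswith("ECDHE"):
        return "ECDHE"                # option 3: forward secrecy without DHE
    if kx.startswith("DHE"):
        return "DHE"                  # key size is decided by the JVM (option 2)
    return "static"                   # RSA / DH / ECDH: no forward secrecy

def audit_connectors(xml_text):
    """Return {port: {kind: [suites]}} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        raw = conn.get("ciphers")
        if raw is None:
            # No explicit list: the JVM default suites apply, which include DHE.
            report[conn.get("port")] = {"jvm-defaults": []}
            continue
        groups = {}
        for suite in filter(None, (s.strip() for s in raw.split(","))):
            groups.setdefault(key_exchange(suite), []).append(suite)
        report[conn.get("port")] = groups
    return report

def needs_change(groups):
    """True when the connector can still negotiate a DHE suite."""
    return "DHE" in groups or "jvm-defaults" in groups

if __name__ == "__main__":
    for port, groups in audit_connectors(SAMPLE).items():
        print(port, "REVIEW" if needs_change(groups) else "ok", groups)
```

A connector that lists only ECDHE suites passes; one that lists a "static" suite is not flagged for the browser error but gives up forward secrecy.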



Published at DZone with permission of Asela Pathberiya, DZone MVB. See the original article here.
