I'm trying to implement an extremely simple SSL client to send an HTTPS POST request to a server, and I've run into this seemingly innocuous exception. The JSSE reference guide has not been of use. Thanks so much.

import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;

SSLContext ctx = SSLContext.getInstance("SSL");
// Accept-all trust manager (DefaultTrustManager is the asker's own class, not shown
// in the post; it accepts any server certificate, so no validation is performed)
TrustManager[] trustEverything = { new DefaultTrustManager() };

// Keystore file in local directory, holding the client's own key and certificate
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new java.io.FileInputStream("keystore"), "123456".toCharArray());

// Key manager backed by that keystore ("SunX509" is the Oracle JSSE X.509 key manager)
KeyManager[] managers;
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "123456".toCharArray());
managers = kmf.getKeyManagers();

ctx.init(managers, trustEverything, new SecureRandom());
SSLSocketFactory sslFact = (SSLSocketFactory) ctx.getSocketFactory();
// Connect to internal SSL-enabled server
SSLSocket socket = (SSLSocket) sslFact.createSocket("10.131.149.36", 8443);

The exception is thrown as soon as I try to handshake:

socket.startHandshake();

I've tried to find where these parameters are initialized to no avail. Please make me feel silly.

Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
    at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
    at sun.security.ssl.DHCrypt.<init>(DHCrypt.java:117)
user1192564
  • Seems like this has been answered: http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception – Eugene Feb 06 '12 at 15:19
  • Did you check this question http://stackoverflow.com/questions/4764611/java-security-invalidalgorithmparameterexception-the-trustanchors-parameter-mus it seems when keystore is empty, you may get this error. – kosa Feb 06 '12 at 15:21
  • 1
    I replaced the fils in my JRE with the extended JCE policy; still no go. @thinksteep: Wouldn't it throw an exception on the keystore load in that case? Thanks. – user1192564 Feb 06 '12 at 15:45

1 Answer

Has nothing to do with JCE. It's a hard limit of DH key size to <= 1024 in Java < 1.8.0. Workaround if you have the problem with an Apache HTTPD server you own could be: http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh

Bertl
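The answer covers the server-side fix (smaller DH parameters on httpd). When the server is not yours, the other way out on a pre-1.8 JRE is on the client: the exception is thrown because JSSE must generate a DH key pair against the prime the server sent in ServerKeyExchange, and `DHKeyPairGenerator` in Java 7 refuses anything over 1024 bits. If the client simply does not offer the finite-field DHE suites, the handshake negotiates ECDHE or RSA key exchange and that code path is never reached. The following is an added example, not code from the question or the answer; `NoDheClient`, `withoutFiniteFieldDh`, the trust store path `truststore` and its password are assumptions for illustration, and the host and port are the ones from the question. It also replaces the accept-all trust manager with a real trust store, since an accept-all manager lets any man-in-the-middle present any certificate.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Hypothetical client (not from the original post): on a JRE older than 1.8 it
 * removes the finite-field DHE suites from the ClientHello so the client never
 * has to generate a DH key pair against the server's oversized prime, and it
 * validates the server certificate against a real trust store.
 */
public class NoDheClient {

    /** True on a JRE older than 1.8, where DHKeyPairGenerator rejects primes over 1024 bits. */
    static boolean isPreJava8() {
        // "1.7" / "1.8" under the old numbering, "9", "11", "17" ... under the new one
        return Double.parseDouble(System.getProperty("java.specification.version")) < 1.8;
    }

    /**
     * Drop every suite whose key exchange is finite-field DH ("_DHE_" or "_DH_").
     * "_ECDHE_" / "_ECDH_" suites do not match and are kept: they use EC key
     * agreement, not DHKeyPairGenerator, so they are unaffected by the limit.
     */
    static String[] withoutFiniteFieldDh(String[] suites) {
        List<String> keep = new ArrayList<String>();
        for (String s : suites) {
            if (!s.contains("_DHE_") && !s.contains("_DH_")) {
                keep.add(s);
            }
        }
        return keep.toArray(new String[keep.size()]);
    }

    /** SSLContext that trusts only the certificates in the given trust store (assumed path). */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(trustStorePath);
        try {
            ts.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // First argument would be the KeyManager[] from the question if the server
        // demands a client certificate; null means no client authentication.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open the socket, restrict the suites on old JREs, then complete the handshake. */
    static SSLSocket open(SSLContext ctx, String host, int port) throws Exception {
        SSLSocketFactory factory = ctx.getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        if (isPreJava8()) {
            // Must happen before startHandshake(): the suite list goes into the ClientHello.
            socket.setEnabledCipherSuites(withoutFiniteFieldDh(socket.getEnabledCipherSuites()));
        }
        socket.startHandshake();
        return socket;
    }

    /** Minimal HTTPS POST over the established socket; returns the response status line. */
    static String post(SSLSocket socket, String host, String path, String body) throws Exception {
        byte[] payload = body.getBytes("US-ASCII");
        String request = "POST " + path + " HTTP/1.1\r\n"
            + "Host: " + host + "\r\n"
            + "Content-Type: application/x-www-form-urlencoded\r\n"
            + "Content-Length: " + payload.length + "\r\n"
            + "Connection: close\r\n\r\n";
        OutputStream out = socket.getOutputStream();
        out.write(request.getBytes("US-ASCII"));
        out.write(payload);
        out.flush();
        BufferedReader in = new BufferedReader(
            new InputStreamReader(socket.getInputStream(), "ISO-8859-1"));
        return in.readLine();
    }

    public static void main(String[] args) throws Exception {
        // Trust store path and password are assumed; host and port are from the question.
        SSLContext ctx = contextFor("truststore", "123456".toCharArray());
        SSLSocket socket = open(ctx, "10.131.149.36", 8443);
        try {
            System.out.println("Negotiated: " + socket.getSession().getCipherSuite());
            System.out.println(post(socket, "10.131.149.36", "/", "a=1&b=2"));
        } finally {
            socket.close();
        }
    }
}
```

Two caveats a practitioner should check before relying on this. First, it only helps if the server still offers a non-DHE suite; a server configured for DHE only will answer with a handshake failure ("no cipher suites in common"), and then the server-side fix from the answer, or moving to Java 8, is the only option. Second, dropping DHE on a Java 7 client gives up forward secrecy whenever the negotiated suite falls back to plain RSA key exchange, so look at the suite printed by `getCipherSuite()` and prefer servers that offer ECDHE.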