Hi all, I'm writing an HTTPS client for Play, and I would like to give some recommendations in the documentation for the current recommended key sizes in the server handshake and in the X.509 certificate.
I'm using the key lengths as defined in http://www.keylength.com, but I am concerned that I may have confused the algorithm names and key sizes, as Diffie Hellman in particular seems to have a number of different relevant key sizes floating around for p and q.

The current text of the document is as follows:

-----------

The `jdk.tls.disabledAlgorithms` can be used to prevent weak ciphers, and can also be used to prevent small key sizes from being used in a handshake. This is a [useful feature](http://sim.ivi.co/2013/11/harness-ssl-and-jsse-key-size-control.html) that is only available in JDK 1.7 and later.

The official documentation for disabled algorithms is [here](http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgorithms).

The parameter names to use for the disabled algorithms are not obvious, but are listed in the [Providers documentation](http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html).

For X.509 certificates, the public key algorithms used in signatures can be RSA, DSA or EC (listed as "ECDSA"):

```
jdk.certpath.disabledAlgorithms="RSA keySize < 2048, DSA keySize < 2048, EC keySize < 224"
```

The digest algorithms used in signatures can be "NONE, MD2, MD4, MD5, SHA1, SHA256, SHA512, SHA384":

```
jdk.certpath.disabledAlgorithms="MD2, MD4, MD5"
```

For TLS handshakes, the code will match the first part of the cipher suite after the protocol, i.e. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 has ECDHE as the relevant cipher, giving "DHE, ECDH, ECDHE, RSA":

```
jdk.tls.disabledAlgorithms="DHE keySize < 2048, ECDH keySize < 2048, ECDHE keySize < 2048, RSA keySize < 2048"
```

Note that if you set `DHE keySize < 2048`, you will also want to set `jdk.tls.ephemeralDHKeySize=2048` (and be running JDK 1.8).

JDK 1.7 has a [bug](http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8014618) that may cause Diffie Hellman algorithms to fail 0.05% of the time, so you may want to disable it or upgrade to JDK 1.8.
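
An added example, not part of the original post or of Play's code: a read-only Java check that prints the effective values of the properties discussed above and groups the runtime's default-enabled cipher suites by the first component after the protocol prefix, so the list "DHE, ECDH, ECDHE, RSA" can be compared with what the JDK in use actually enables. The class name `KeyExchangeAudit` and the helper `keyExchange` are hypothetical.

```java
import java.security.Security;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

public class KeyExchangeAudit {
    // First component of a suite name after the protocol prefix, e.g.
    // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 -> ECDHE. Names without
    // "_WITH_" (for example the renegotiation SCSV) have no such component.
    static String keyExchange(String suite) {
        int with = suite.indexOf("_WITH_");
        int start = suite.indexOf('_') + 1;
        if (with < 0 || start <= 0 || start >= with) {
            return "(none)";
        }
        String head = suite.substring(start, with);      // e.g. ECDHE_ECDSA
        int sep = head.indexOf('_');
        return sep < 0 ? head : head.substring(0, sep);  // e.g. ECDHE
    }

    public static void main(String[] args) throws Exception {
        // These two are security properties (java.security file).
        String[] props = {"jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms"};
        for (String p : props) {
            System.out.println(p + " = " + Security.getProperty(p));
        }
        // This one is a system property (-D on the command line).
        System.out.println("jdk.tls.ephemeralDHKeySize = "
                + System.getProperty("jdk.tls.ephemeralDHKeySize"));

        // Suites the default context would offer in a handshake.
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        Map<String, Set<String>> byKeyExchange = new TreeMap<String, Set<String>>();
        for (String suite : enabled) {
            String kx = keyExchange(suite);
            if (!byKeyExchange.containsKey(kx)) {
                byKeyExchange.put(kx, new TreeSet<String>());
            }
            byKeyExchange.get(kx).add(suite);
        }
        for (Map.Entry<String, Set<String>> e : byKeyExchange.entrySet()) {
            System.out.println(e.getKey() + ": " + e.getValue());
        }
    }
}
```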