Test SSL on :5222, DH keySize < 2048

I tried with openssl s_client but it didn’t display a certificate; xmpp.net IM Observatory seems to return relevant info and says the cert is good, why doesn’t openssl?

-bash-4.1$ openssl s_client -connect </dev/null -starttls xmpp


no peer certificate available

No client certificate CA names sent

SSL handshake has read 421 bytes and written 114 bytes

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

xmpp.net also said :

Server uses Diffie-Hellman parameters of < 2048 bits

Does this refer to my private key?

I tried editing the java.security file and removed an earlier warning about DSA by removing that cipher, and thought I addressed the DH keySize < 2048 by adding :

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 2048

jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048, DH keySize < 2048

but xmpp.net still says :

Server uses Diffie-Hellman parameters of < 2048 bits

I did restart Jive after editing java.security. Thanks for any help!


I fixed this by upgrading to jdk 1.8.72 - score at xmpp.net is now A! The

Server uses Diffie-Hellman parameters of < 2048 bits

issue had to do with jdk 1.7. I did have to edit java.security again to exclude DH keySize < 2048. Hopefully openfire will continue to run well with jdk 1.8.