tomcat-dev mailing list archives

From Matej Kafadar
Subject Re: tomcat 4.1.x with jdk1.4.2 ssl certificate(4096-key length) support - again
Date Thu, 10 Mar 2005 08:30:11 GMT
Bruce, thanks for the response.

I know Java has a problem. Tomcat is here because I would like to have
Tomcat with SSL (with RSA key 4096 length support).
I installed unlimited JCE strength and the problem still exists.
Can anyone confirm: "does Java 1.4 support 4096 RSA key size or only 2048"?

Best regards


Bruce Keats wrote:
> Having looked at this issue just recently, I believe the root cause
> of the problem is the fact that your version of Java 1.4.2 is the exported
> restricted version from SUN.  By going to JDK 1.5, you have
> demonstrated that the problem is not with Tomcat, but with JAVA itself.
> Check out the section titled "How to Make Applications "Exempt" from
> Cryptographic Restrictions" in "JavaTM Cryptography Extension (JCE)
> Reference Guide".
> Bruce
> On Wed, 09 Mar 2005 14:50:54 +0100, Matej Kafadar wrote:
>>I have already sent this question to the user mail group, but there was no
>>response, so I'll try my luck here. I would be happy if some expert or someone
>>who has already solved this problem could give me an answer or a hint about this.
>>Repeated question:
>>is it possible to have Tomcat 4.1.x running with jdk1.4.2 and have SSL
>>with client authentication (client has a certificate issued by a CA which has
>>a certificate with a public key length of 4096 bits)?
>>Java 1.4 doesn't support an RSA key size of 4096 (only up to 2084). With
>>keytool you aren't able to import a certificate (4096) into cacerts. I
>>installed the BouncyCastle provider (which supports 4096-bit keys). Only when I set
>>it to be the default provider did I manage to import the certificate (4096) into
>>cacerts. Tomcat doesn't work if the default provider isn't SUN, so SSL
>>doesn't work even with smaller keys.
>>I solved this problem by installing jdk1.5, which doesn't have problems
>>with the certificate (4096), and Tomcat works fine.
>>But I really want to have jdk1.4 and certificate (4096) support.
>>Does anybody know how to solve this problem, or how to configure jdk1.4
>>to support the certificate (4096)?
>>I'm looking forward to any response.
>>Best regards
>>       Matej