I am trying to establish an SSL connection between VLC and Glassfish using
the default self-signed cert from GF. After exporting this cert using:

    <JAVA_HOME>/bin/keytool -export -rfc -alias s1as -keystore <GLASSFISH_HOME>/domains/<DOMAIN_NAME>/config/keystore.jks -file s1as.pem

and placing the PEM file into C:\Documents and Settings\alice\Application
Data\vlc\ssl\certs as required by VLC I am seeing the following error from
VLC when going to the https URL hosted by GF:

    gnutls error: TLS handshake error: The Diffie Hellman prime sent by the server is not acceptable (not long enough).
    main error: TLS client session handshake error
    gnutls debug: GnuTLS deinitialized

At some point GnuTLS, which VLC uses, upped the requirement for the min.
length of the DH prime it receives from the server. It appears GF's is too
short. I am hoping there is some property I can set in the admin console to
bump this up, perhaps a JVM property. Also it would be nice to be able to
see this setting in the server.log if there is a log/trace setting that will
cause it to dump.
Any insight is appreciated, thanks,
-Noah