users@glassfish.java.net

Re: Can you set the Diffie Hellman prime size sent by Glassfish?

From: NBW <emailnbw_at_gmail.com>
Date: Wed, 31 Mar 2010 14:17:46 -0400

I should have also mentioned this is on GF v2.1 (Sun Java System Application
Server 9.1_02 (build b04-fcs))

On Wed, Mar 31, 2010 at 2:10 PM, NBW <emailnbw_at_gmail.com> wrote:

> I am trying to establish an SSL connection between VLC and Glassfish using
> the default self signed cert from GF. After exporting this cert using:
>
> <JAVA_HOME>/bin/keytool -export -rfc -alias s1as -keystore
> <GLASSFISH_HOME>/domains/<DOMAIN_NAME>/config/keystore.jks -file s1as.pem
>
> and placing the PEM file into C:\Documents and Settings\alice\Application
> Data\vlc\ssl\certs as required by VLC I am seeing the following error from
> VLC when going to the https URL hosted by GF:
>
> gnutls error: TLS handshake error: The Diffie Hellman prime sent by the
> server is not acceptable (not long enough).
> main error: TLS client session handshake error
> gnutls debug: GnuTLS deinitialized
>
> At some point GNU-TLS, which VLC uses, upped the requirement for the min.
> length of the DH prime it receives from the server. It appears GF's is too
> short. I am hoping there is some property I can set in the admin console to
> bump this up, perhaps a JVM property. Also it would be nice to be able to
> see this setting in the server.log if there is a log/trace setting that will
> cause it to dump.
>
> Any insight is appreciated, thanks,
>
> -Noah
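The GnuTLS error above is a client-side policy check on the dh_p field of the server's ServerKeyExchange. As an added example (not from this thread, GnuTLS or the GlassFish project), the following parses the ServerDHParams structure (RFC 5246 section 7.4.3) and applies a minimum-prime-length policy; the sample message and the 1024-bit threshold are constructed assumptions, not the value GnuTLS actually enforces.

```python
import struct

# ServerDHParams = dh_p, dh_g, dh_Ys, each encoded as opaque<1..2^16-1>:
# a 2-byte big-endian length followed by the value. The signature that
# follows ServerDHParams in a ServerKeyExchange is not parsed here.

def _read_opaque16(buf, off):
    """Return (field_bytes, new_offset) for one length-prefixed field."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated opaque field")
    return buf[off:off + n], off + n

def parse_server_dh_params(body):
    """Parse ServerDHParams; return p, g, Ys as ints plus the bit length of p."""
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    p_int = int.from_bytes(p, "big")
    return {"p": p_int, "g": int.from_bytes(g, "big"),
            "Ys": int.from_bytes(ys, "big"), "p_bits": p_int.bit_length()}

def dh_prime_acceptable(body, min_bits):
    """Client-side policy: reject the handshake when p is shorter than min_bits."""
    return parse_server_dh_params(body)["p_bits"] >= min_bits

def build_server_dh_params(p_bits):
    """Constructed sample message: p with exactly p_bits bits, g = 2, small Ys.
    p is only a placeholder with the top bit set, not a real safe prime."""
    p = (1 << (p_bits - 1)) | 1
    def opaque16(i):
        b = i.to_bytes((i.bit_length() + 7) // 8, "big")
        return struct.pack(">H", len(b)) + b
    return opaque16(p) + opaque16(2) + opaque16(0x1234)

if __name__ == "__main__":
    MIN_BITS = 1024  # assumed client minimum, not the actual GnuTLS value
    for bits in (512, 2048):
        info = parse_server_dh_params(build_server_dh_params(bits))
        verdict = "ok" if info["p_bits"] >= MIN_BITS else "not long enough"
        print(f"server sent {info['p_bits']}-bit DH prime: {verdict}")
```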