users@glassfish.java.net

Re: Can you set the Diffie Hellman prime size sent by Glassfish?

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 01 Apr 2010 09:23:03 +0530

The following recent thread
http://forums.sun.com/thread.jspa?threadID=5425442

seems to indicate that this is not possible. But I will need to check
with the JDK folks and get back to you.


NBW wrote:
> I should have also mentioned this is on GF v2.1 (Sun Java System
> Application Server 9.1_02 (build b04-fcs))
>
> On Wed, Mar 31, 2010 at 2:10 PM, NBW <emailnbw_at_gmail.com> wrote:
>
> I am trying to establish an SSL connection between VLC and
> Glassfish using the default self-signed cert from GF. After
> exporting this cert using:
>
> <JAVA_HOME>/bin/keytool -export -rfc -alias s1as -keystore
> <GLASSFISH_HOME>/domains/<DOMAIN_NAME>/config/keystore.jks -file
> s1as.pem
>
> and placing the PEM file into C:\Documents and
> Settings\alice\Application Data\vlc\ssl\certs as required by VLC I
> am seeing the following error from VLC when going to the https URL
> hosted by GF:
>
>
> /gnutls error: TLS handshake error: The Diffie Hellman prime sent
> by the server is not acceptable (not long enough).
> main error: TLS client session handshake error
> gnutls debug: GnuTLS deinitialized/
>
> At some point GNU-TLS, which VLC uses, upped the requirement for
> the min. length of the DH prime it receives from the server. It
> appears GF's is too short. I am hoping there is some property I
> can set in the admin console to bump this up, perhaps a JVM
> property. Also it would be nice to be able to see this setting in
> the server.log if there is a log/trace setting that will cause it
> to dump.
>
> Any insight is appreciated, thanks,
>
> -Noah
>
>
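
To see the prime size a server actually sends (the value GnuTLS rejects in the error quoted above), the DHE ServerKeyExchange handshake message can be parsed directly. The following is an added example, not part of the original thread or of GlassFish or GnuTLS. It assumes a TLS 1.0-1.2 handshake message already extracted from a capture and a DHE cipher suite; `MIN_DH_BITS`, `build_ske` and the sample values are constructed for illustration.

```python
"""Measure the Diffie-Hellman prime size in a TLS 1.0-1.2 DHE ServerKeyExchange."""

MIN_DH_BITS = 1024        # assumed client policy for this example, not GnuTLS's real default
SERVER_KEY_EXCHANGE = 12  # TLS handshake message type


def dh_prime_bits(handshake: bytes) -> int:
    """Return the bit length of dh_p. Assumes a DHE suite (an ECDHE body differs)."""
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    if handshake[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    fields, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):  # each is a 2-byte length, then the value
        if off + 2 > len(body):
            raise ValueError("missing length for " + name)
        n = int.from_bytes(body[off:off + 2], "big")
        off += 2
        if off + n > len(body):
            raise ValueError(name + " overruns the message")
        fields.append(body[off:off + n])
        off += n
    # Any signature that follows dh_Ys is ignored; leading zero bytes do not count.
    return int.from_bytes(fields[0], "big").bit_length()


def acceptable(handshake: bytes, min_bits: int = MIN_DH_BITS) -> bool:
    """True when the server's prime meets the client's minimum size."""
    return dh_prime_bits(handshake) >= min_bits


def build_ske(p: int, g: int, ys: int) -> bytes:
    """Build a constructed, unsigned ServerKeyExchange for offline testing."""
    body = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        body += len(raw).to_bytes(2, "big") + raw
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


# Constructed samples: only the bit length matters here, the values are not real primes.
SHORT = build_ske((1 << 767) | 1, 2, 5)
LONG = build_ske((1 << 2047) | 1, 2, 5)

if __name__ == "__main__":
    for label, msg in (("short", SHORT), ("long", LONG)):
        print(label, dh_prime_bits(msg), "bits, acceptable:", acceptable(msg))
```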