Why can't my Java app make an SSL handshake?

Issue

I see the error java.lang.RuntimeException: Could not generate DH keypair.

Resolution

This error indicates that there is a problem with the prime size in the SSL handshake. The maximum acceptable size for Java 7 is 1024 bits, but primes of length 2048 bits are common. The problem is most likely due to a change on the side of the service you are calling.

These are some possible solutions:

  • Upgrade to JDK 8.
  • Use an alternative JCE implementation such as BouncyCastle.