I saw this error when I wanted to connect to another machine:
SEVERE: Could not create connection XXXXX: XXXXX Error establishing socket to host and port: XXXXX:XXXXX. Reason: DHPublicKey does not comply to algorithm constraints
What is the reason for that?
See Question&Answers more detail:os
The reason was that the server only supported weak ciphers. While updating the server is certainly the clean/good solution, the quick one is to remove the constraints as mentioned here:
Within /usr/lib/jvm/default-java/jre/lib/security/java.security or - depending on your OS - /etc/crypto-policies/back-ends/java.config you have a line
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024,
Notice the DH keySize < 1024. So no keys which are smaller are allowed.
Replacing this with
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768,
or completely removing the DH keySize < 1024 part could solve the problem.
You can do this via
$ sed -i "s/ DH keySize < 1024,//" /usr/lib/jvm/default-java/jre/lib/security/java.security
