I am using Netty as backend in a Java-based Usenet client. The library is working fine, however, in some circumstances I can’t connect to a remote server via SSL, because of exactly this error:

Java: Why does SSL handshake give 'Could not generate DH keypair' exception?

Unfortunately, it seems that for whatever reason this Java error still has not been fixed yet. And since the remote server is not under my control, I need a workaround here. One such “solution”, according to the link above, is to avoid DH during SSL handshake at all (not very pretty, but maybe better than nothing).

However, I am no SSL expert, so I am not really sure how I can implement that within Netty; or better: within my solution that is based on Netty. By now I am creating connections as this:

// configure the Netty client
ClientBootstrap bootstrap = new ClientBootstrap(clSockChannelFactory);

// configure the pipeline factory
bootstrap.setPipelineFactory(channelPipelineFactory);
bootstrap.setOption("tcpNoDelay", true);
bootstrap.setOption("keepAlive", true);
bootstrap.setOption("child.receiveBufferSizePredictorFactory", 
          new AdaptiveReceiveBufferSizePredictorFactory());

// start the connection attempt
InetSocketAddress isa = new InetSocketAddress(serverAddress, port);
ChannelFuture future = bootstrap.connect(isa);
...
channel = future.getChannel();
...

Ok, that’s fine, but where can I disable cipher suites before I connect the SSL socket, as desribed in the thread above?

Thanks in advance for all your help!

Kind regards, Matthias

PS: By the way, any ideas why this problem has not been addressed in Java yet?