@matthew_d_green RE: http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html …. 1024-bit DHE is partly due to efficiency, but also due to compatibility (e.g. w/ Java 6).
@mik235 @matthew_d_green First fixed in Java 8, apparently not backported to Java 7 (yet): http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html … and http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7044060 …