I was close. The answer seems to be to set the security property as follows:
jdk.tls.disabledAlgorithms=DHE, ECDHE
(I came on that after reading the hot-off-the-press blog post: JDK 8 will use TLS 1.2 as default).
Once that is set on the server, an https connection captured by Wireshark no longer shows the Server Key Exchange
message.
It is then possible to decrypt content that went over the wire as shown by this image
I hope this will be useful when trying to analyse what Android cell phones are receiving over the wire.