This requires editing server.xml on your server in the server configuration (Server/conf) directory.
Issue:
When I use Firefox I receive an error: Secure Connection Failed. The error details state I have a weak SSL key, the exact error reads: ssl_error_weak_server_ephemeral_dh_key. What can I do to fix this?
Information:
This means that the web server you are trying to reach is vulnerable to the recently published logjam vulnerability. To correct this your IT Server Admin will need to be included as work needs to be done inside Tomcat Application Server.
Resolution:
On the server side you will need to modify your server.xml file. Change the line cipher string:
ciphers=“SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA”
to:
ciphers=“TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA”
In some cases you will need to add this to the connection details of the server.xml file. As a second approach here is a current work around until the server admin is able to fix this, for Firefox 39 and above:
- In Firefox, in the URL field enter about:config and press enter.
- Accept the This might void your warranty! warning :)
- In the search field at the top, enter security.ssl3.dhe_rsa_aes
- Double click each result (128 and 256) to toggle the Value to false
Now retry your site – it should work now. If the above is unable to resolve the issue, then please contact iDashboards Support for further assistance.
Comments
0 comments
Please sign in to leave a comment.