Question:
When I use Firefox I receive an error for "Secure Connection Failed". The error details state that I have a weak SSL key; the exact error reads "ssl_error_weak_server_ephemeral_dh_key". What can I do to fix this?
Issue:
This means that the web server you’re trying to reach is vulnerable to the recently published Logjam vulnerability. Correcting this requires your IT server admin, because the change has to be made inside the Tomcat application server.
Answer:
On the server side you will need to modify your server.xml file. Change the cipher string
FROM:
ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
TO:
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"
In some cases the ciphers attribute is not present yet, and you will need to add it to the HTTPS Connector element in the server.xml file.
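The FROM list contains four DHE suites and the TO list contains none; those are the entries behind the weak ephemeral DH key error. The following added example (not iDashboards or Tomcat code) parses a server.xml and reports, per HTTPS Connector, which configured suites are finite-field DHE. The sample server.xml is constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an HTTPS Connector carrying the "FROM" cipher list from this page.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
               TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
               TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
               SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />
  </Service>
</Server>"""


def is_finite_field_dhe(suite):
    """True for ephemeral finite-field DH suites; ECDHE names do not contain '_DHE_'."""
    return "_DHE_" in suite


def audit_connectors(server_xml):
    """Return (port, dhe_suites, other_suites) for every HTTPS Connector.

    dhe_suites and other_suites are None when the Connector has no ciphers
    attribute, meaning the default cipher list is in effect.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_tls = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme", "").lower() == "https")
        if not is_tls:
            continue
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append((conn.get("port"), None, None))
            continue
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        dhe = [s for s in suites if is_finite_field_dhe(s)]
        other = [s for s in suites if not is_finite_field_dhe(s)]
        findings.append((conn.get("port"), dhe, other))
    return findings


if __name__ == "__main__":
    for port, dhe, other in audit_connectors(SAMPLE_SERVER_XML):
        if dhe is None:
            print(f"port {port}: no ciphers attribute, defaults apply")
        else:
            print(f"port {port}: {len(dhe)} DHE suite(s) to remove: {', '.join(dhe)}")
```

To check a real installation, pass the contents of its server.xml to audit_connectors in place of the sample.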
As a second approach, here is a current workaround until the server admin is available to do the needed work:
Workaround for Firefox 39 and above:
1) In Firefox, enter “about:config” in the URL field and press enter.
2) Accept the “This might void your warranty!” warning :)
3) In the search field at the top, enter “security.ssl3.dhe_rsa_aes”
4) Double click each result (128 and 256) to toggle the Value to “false”
Now retry your site – it should work now. Remember to change these settings back when you’re done.
Applies To:
- iDashboards Enterprise Suite