Intelligence Center gives "Server has a weak ephemeral Diffie-Hellman public key" response when accessed over SSL
Article ID: 168837
Products
PacketShaper S-Series, IntelligenceCenter
Issue/Introduction
Some of the SSL ciphers offered by the default Tomcat configuration included in the Intelligence Center package are flagged as weak by modern browsers. This can be corrected with a small configuration change.
Resolution
Follow this procedure to update the configuration:
1. Browse to your Intelligence Center installation directory (for example, C:\BlueCoat\IntelligenceCenter\apache-tomcat-6.0.33\webapps\ROOT\conf\).
2. Open server.xml in your preferred text editor and use the search function to find the following string: "ciphers=". This will take you to approximately line 164.
3. The value between the quotation marks is the complete list of SSL ciphers offered to SSL clients. Delete everything between these quotes, so that you are left with the line ending: ciphers="" />
4. Paste the following line between those quotation marks (note this is all one line; breaks appear here for clarity, there should be no breaks in the pasted text):
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
   TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
   TLS_RSA_WITH_AES_256_CBC_SHA
5. Save and close server.xml.
6. Click Start, type "services.msc", and open the Services dialog.
7. Select "Blue Coat IntelligenceCenter 3.x.x.x" from the list, and restart the service.
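To confirm the edit before restarting the service, the check below reads a server.xml and reports, for each Connector with a ciphers attribute, any remaining DHE suites, any line break left in the pasted value, and any suite not in the list above. It is an added example, not part of the original article or the product; the sample XML and the function name audit_ciphers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Cipher list copied from the article's resolution step.
RECOMMENDED = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
).split(",")


def audit_ciphers(server_xml_text):
    """Return one finding dict per <Connector> that has a ciphers attribute."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        findings.append({
            "port": conn.get("port"),
            # DHE suites use an ephemeral Diffie-Hellman key; the article's
            # list contains none ("_DHE_" does not match "_ECDHE_").
            "dhe": [s for s in suites if "_DHE_" in s],
            # Any whitespace in the raw value means the paste was not a
            # single unbroken line.
            "has_breaks": any(ch.isspace() for ch in raw),
            "not_in_article_list": [s for s in suites if s not in RECOMMENDED],
        })
    return findings


# Constructed sample input (not the product's shipped server.xml).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" />
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA" />
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_ciphers(SAMPLE):
        print(finding)
```

To check a real file, pass the contents of server.xml to audit_ciphers; a correctly edited connector returns empty lists and has_breaks set to False.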