"ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" in Firefox and/or Chrome When Trying To Load Service Desk Manager Using SSL
Article ID: 72955
SUPPORT AUTOMATION- SERVER; CA Service Desk Manager - Unified Self Service; KNOWLEDGE TOOLS; CA Service Management - Asset Portfolio Management; CA Service Management - Service Desk Manager
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY in Firefox and/or Chrome When Loading Service Desk using SSL in Tomcat
Error in Chrome:
Server has a weak ephemeral Diffie-Hellman public key
This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to set up a secure connection but, due to a disastrous misconfiguration, the connection wouldn't be secure at all!
In this case the server needs to be fixed. Google Chrome won't use insecure connections in order to protect your privacy. Learn more about this problem.
Error in Firefox:
Secure Connection Failed
An error occurred during a connection to <hostname>:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
This is mostly due to the way newer browsers handle ciphers to avoid the Logjam vulnerability in SSL. It is mostly seen when the SSL certificate that you have from your certificate authority uses a shorter key than newer standards consider secure.
CA Service Desk Manager 14.1, 17.x
1) Locate the server.xml file on the SDM Server (<SDM_Install_dir>\bopcfg\www\CATALINA_BASE\conf\server.xml)
2) Locate the <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" tag in server.xml
3a) Add the ciphers attribute and its values to the connector:
Java 7 with Tomcat 7:
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
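A way to verify the result of steps 1 to 3a, as an added example that is not part of the original article or of the product: it parses a server.xml, finds the SSL-enabled connectors, and reports any cipher suite that uses finite-field (non-elliptic-curve) DHE key exchange, which is the kind the browser errors above refer to. The embedded sample document, the port 8080 connector and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Connector from step 2. Keystore and other
# attributes are omitted; one DHE suite is included so the check has a finding.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""

def is_ffdhe(suite):
    """True when the suite's key exchange is finite-field ephemeral or anonymous DH."""
    return suite.startswith(("TLS_DHE_", "SSL_DHE_", "TLS_DH_anon_", "SSL_DH_anon_"))

def audit_connectors(xml_data):
    """Return one finding dict per SSL-enabled Connector in a server.xml document."""
    findings = []
    for conn in ET.fromstring(xml_data).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        raw = conn.get("ciphers")
        # Line breaks inside the attribute become spaces, so trim every entry.
        suites = [s.strip() for s in raw.split(",") if s.strip()] if raw else []
        findings.append({
            "port": conn.get("port"),
            "ciphers_set": raw is not None,  # absent means the JVM default list applies
            "dhe_suites": [s for s in suites if is_ffdhe(s)],
            "suite_count": len(suites),
        })
    return findings

def main(path=None):
    data = open(path, "rb").read() if path else SAMPLE_SERVER_XML
    for f in audit_connectors(data):
        if not f["ciphers_set"]:
            status = "no ciphers attribute (JVM defaults, may include DHE)"
        elif f["dhe_suites"]:
            status = "DHE suites present: " + ", ".join(f["dhe_suites"])
        else:
            status = "OK, %d suites, none use DHE" % f["suite_count"]
        print("Connector port %s: %s" % (f["port"], status))

if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it with the path to server.xml as the only argument; with no argument it audits the embedded sample.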