
Server has a weak ephemeral Diffie-Hellman public key


Article ID: 89694


Updated On:


CA Automic Workload Automation - Automation Engine




Release: AUTOME99000-2.0-Automic-Oracle Retail MOM-Enterprise Edition



After upgrading Google Chrome to v45, trying to access the ECC shows the message: Server has a weak ephemeral Diffie-Hellman public key


Google and other browser vendors have updated their browsers to block sites that use ciphers that are susceptible to being exploited.


There are two workarounds available: A) which needs to be applied to the browser, or B) which needs to be applied to the Tomcat server itself:

1. Go to the browser shortcut.
2. Right-click it and go to Properties.
3. Go to the Shortcut tab.
4. Go to the Target textbox, where you will find the full path to Chrome. Add the --cipher-suite-blacklist string to the end of the path, so that it looks like:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
5. Apply and close it.

On the Tomcat system, the Tomcat\config folder contains a Server.xml file. Modify it and add the ciphers listed at:

An example of how it should look can be found here:

In addition, all Automic communication between components (AutomationEngine, Database, Agents, etc.) is encrypted using AES 256-bit encryption by default. The referenced site notes that, for the Tomcat ciphers to work with AES 256-bit, it is necessary to install the JCE Unlimited Strength Jurisdiction Policy Files from Oracle.
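A way to check the Tomcat side after editing Server.xml, as an added example that is not part of the original article or Automic's own tooling: the script below lists, for each TLS-enabled Connector, any ephemeral Diffie-Hellman (DHE) suites still offered and any AES-256 suites that depend on the JCE policy files mentioned above. The sample XML, its ports and its cipher list are constructed for illustration; the function name audit_connectors is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ports and cipher list are assumptions for this example,
# not the list the article links to.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher negotiation
        findings = []
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JVM default suites apply and may include DHE.
            findings.append("no ciphers attribute; JVM default suites in use")
        else:
            for suite in (s.strip() for s in ciphers.split(",")):
                if "_DHE_" in suite:  # matches TLS_DHE_*/SSL_DHE_*, not ECDHE
                    findings.append("ephemeral DH suite: " + suite)
                elif "AES_256" in suite:
                    findings.append("needs JCE unlimited policy: " + suite)
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or ["ok"])
```

An empty findings list for a connector means no DHE suite is configured on it, which is the server-side counterpart of the DHE suite IDs excluded in the Chrome shortcut.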

If you want to use a different encryption level (128 or 192) it can be adjusted in the UC_AS_SETTINGS: